Merge pull request #64 from jcoste-orange/JENKINS-20832

[JENKINS-20832] Add support for case insensitive auth realms
jenkinsci · Dec 25, 2017 · 8164eab · 8164eab
2 parents 9d18317 + b3e01db
commit 8164eab
Show file tree

Hide file tree

Showing 6 changed files with 192 additions and 9 deletions.
diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java
@@ -23,6 +23,7 @@
  */
 package com.synopsys.arc.jenkins.plugins.ownership;
 
+import com.synopsys.arc.jenkins.plugins.ownership.util.IdStrategyComparator;
 import com.synopsys.arc.jenkins.plugins.ownership.util.OwnershipDescriptionHelper;
 import com.synopsys.arc.jenkins.plugins.ownership.nodes.OwnerNodeProperty;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -31,9 +32,6 @@
 import hudson.model.User;
 import java.io.Serializable;
 import java.util.Collection;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
 import javax.annotation.CheckForNull;
@@ -234,7 +232,12 @@ public boolean isOwner(User user, boolean includeSecondaryOwners) {
         if (isPrimaryOwner(user)) {
             return true;
         }
-        return includeSecondaryOwners ? coownersIds.contains(user.getId()) : false;
+        if (includeSecondaryOwners) {
+            Set<String> coowners = new TreeSet<String>(new IdStrategyComparator());
+            coowners.addAll(coownersIds);
+            return coowners.contains(user.getId());
+        }
+        return false;
     }
 
     @Whitelisted

diff --git a/...psys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction.java b/...psys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction.java
@@ -26,6 +26,7 @@
 import com.synopsys.arc.jenkins.plugins.ownership.Messages;
 import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription;
 import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper;
+import com.synopsys.arc.jenkins.plugins.ownership.util.IdStrategyComparator;
 import com.synopsys.arc.jenkins.plugins.ownership.util.ui.UserSelector;
 import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.JobRestriction;
 import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.JobRestrictionDescriptor;
@@ -63,7 +64,7 @@ public OwnersListJobRestriction(List<UserSelector> usersList, boolean acceptsCoO
     protected synchronized final void updateUsersMap() {
         if (usersMap == null) {
             // Update users map
-            usersMap = new TreeSet<String>();
+            usersMap = new TreeSet<String>(new IdStrategyComparator());
             for (UserSelector selector : usersList) {
                 String userId = hudson.Util.fixEmptyAndTrim(selector.getSelectedUserId());
                 if (userId != null && !usersMap.contains(userId)) {
@@ -124,7 +125,8 @@ private boolean canTake(OwnershipDescription descr) {
             }
 
             // Handle secondary owners if required
-            Set<String> itemCoOwners = descr.getSecondaryOwnerIds();
+            Set<String> itemCoOwners = new TreeSet<>(new IdStrategyComparator());
+            itemCoOwners.addAll(descr.getSecondaryOwnerIds());
             if (acceptsCoOwners && !itemCoOwners.isEmpty()) {
                 for (String userID : usersMap) {
                     if (itemCoOwners.contains(userID)) {

diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/IdStrategyComparator.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/IdStrategyComparator.java
@@ -0,0 +1,28 @@
+package com.synopsys.arc.jenkins.plugins.ownership.util;
+
+import hudson.security.SecurityRealm;
+import java.util.Comparator;
+import jenkins.model.IdStrategy;
+import jenkins.model.Jenkins;
+
+
+public class IdStrategyComparator implements Comparator<String> {
+
+    private final SecurityRealm securityRealm;
+    private final IdStrategy groupIdStrategy;
+    private final IdStrategy userIdStrategy;
+
+    public IdStrategyComparator() {
+        securityRealm = Jenkins.getActiveInstance().getSecurityRealm();
+        groupIdStrategy = securityRealm.getGroupIdStrategy();
+        userIdStrategy = securityRealm.getUserIdStrategy();
+    }
+
+    public int compare(String o1, String o2) {
+        int r = userIdStrategy.compare(o1, o2);
+        if (r == 0) {
+            r = groupIdStrategy.compare(o1, o2);
+        }
+        return r;
+    }
+}
diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserWrapper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserWrapper.java
@@ -110,7 +110,7 @@ public boolean meetsMacro(String userId) {
         }
 
         // Check      
-        return comparedId.equals(userId);
+        return User.idStrategy().equals(comparedId, userId);
     }
 
 }
diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescriptionTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescriptionTest.java
@@ -0,0 +1,80 @@
+package com.synopsys.arc.jenkins.plugins.ownership;
+
+import hudson.model.User;
+import hudson.security.HudsonPrivateSecurityRealm;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import jenkins.model.IdStrategy;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.Assert.assertThat;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.jvnet.hudson.test.JenkinsRule;
+
+
+public class OwnershipDescriptionTest {
+    private static final IdStrategy CASE_SENSITIVE = new IdStrategy.CaseSensitive();
+
+    @Rule
+    public final JenkinsRule j = new JenkinsRule();
+
+    @Before
+    public void setUp() throws Exception {
+        applyIdStrategy(CASE_SENSITIVE);
+    }
+
+    private void applyIdStrategy(final IdStrategy idStrategy) throws IOException {
+        HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false, false, null) {
+            @Override
+            public IdStrategy getUserIdStrategy() {
+                return idStrategy;
+            }
+
+            @Override
+            public IdStrategy getGroupIdStrategy() {
+                return idStrategy;
+            }
+        };
+        realm.createAccount("owner", "owner");
+        j.jenkins.setSecurityRealm(realm);
+    }
+
+    @Test
+    public void isOwnerShouldRespectCaseSensitiveIdStrategy() throws Exception {
+        User user = User.get("owner");
+
+        OwnershipDescription description = new OwnershipDescription(true, "owner", Collections.<String>emptyList());
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(true));
+
+        description = new OwnershipDescription(true, "OWNER", Collections.<String>emptyList());
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(false));
+
+        description = new OwnershipDescription(true, "another.owner", Arrays.asList("owner"));
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(true));
+
+        description = new OwnershipDescription(true, "ANOTHER.OWNER", Arrays.asList("OWNER"));
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(false));
+    }
+
+    @Test
+    public void isOwnerShouldRespectCaseInsensitiveIdStrategy() throws Exception {
+        applyIdStrategy(IdStrategy.CASE_INSENSITIVE);
+        User user = User.get("owner");
+
+        OwnershipDescription description = new OwnershipDescription(true, "owner", Collections.<String>emptyList());
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(true));
+
+        description = new OwnershipDescription(true, "OWNER", Collections.<String>emptyList());
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(true));
+
+        description = new OwnershipDescription(true, "another.owner", Arrays.asList("owner"));
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(true));
+
+        description = new OwnershipDescription(true, "ANOTHER.OWNER", Arrays.asList("OWNER"));
+        assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(true));
+    }
+
+
+}
diff --git a/...rg/jenkinsci/plugins/ownership/security/jobrestrictions/OwnersListJobRestrictionTest.java b/...rg/jenkinsci/plugins/ownership/security/jobrestrictions/OwnersListJobRestrictionTest.java
@@ -34,7 +34,10 @@
 import hudson.model.Label;
 import hudson.model.Queue;
 import hudson.model.labels.LabelAtom;
+import hudson.security.HudsonPrivateSecurityRealm;
 import hudson.slaves.DumbSlave;
+import jenkins.model.*;
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@@ -52,7 +55,8 @@
  * @author Oleg Nenashev
  */
 public class OwnersListJobRestrictionTest {
-
+    private static final IdStrategy CASE_SENSITIVE = new IdStrategy.CaseSensitive();
+
     @Rule
     public final JenkinsRule j = new JenkinsRule();
 
@@ -67,6 +71,8 @@ public void setUp() throws Exception {
         jobRestrictionProperty = new JobRestrictionProperty(
                 new OwnersListJobRestriction(Arrays.asList(new UserSelector("owner")), false));;
         slave.getNodeProperties().add(jobRestrictionProperty);
+
+        applyIdStrategy(CASE_SENSITIVE);
     }
 
     @Test
@@ -144,5 +150,69 @@ public void nodeShouldDeclineRunsFromInheritedNotOwner() throws Exception {
         assertThat("Job restrictions should not allow the run, because the job has wrong owner",
                 jobRestrictionProperty.canTake(item), instanceOf(JobRestrictionBlockageCause.class));
     }
-
+
+    @Test
+    @Issue("JENKINS-20832")
+    public void nodeShouldAcceptRunsFromWithInsensitiveCaseOnOwner() throws Exception {
+        applyIdStrategy(IdStrategy.CASE_INSENSITIVE);
+
+        Folder folder = j.jenkins.createProject(Folder.class, "folder");
+        FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project2");
+        project.setAssignedLabel(testLabel);
+        FolderOwnershipHelper.setOwnership(folder,
+                new OwnershipDescription(true, "Owner", Collections.<String>emptyList()));
+
+        project.scheduleBuild2(0);
+        j.jenkins.getQueue().maintain();
+
+        List<Queue.BuildableItem> items = j.jenkins.getQueue().getBuildableItems();
+        assertThat("1 item should be in the queue", items.size(), equalTo(1));
+        Queue.BuildableItem item = items.get(0);
+
+        assertThat("Run has been prohibited, but Ownership plugin should allow it according to the inherited value",
+                jobRestrictionProperty.canTake(item), nullValue());
+    }
+
+    @Test
+    @Issue("JENKINS-20832")
+    public void nodeShouldAcceptRunsFromWithInsensitiveCaseOnCoOwner() throws Exception {
+        applyIdStrategy(IdStrategy.CASE_INSENSITIVE);
+
+        // Change to accept coowners
+        jobRestrictionProperty = new JobRestrictionProperty(
+                new OwnersListJobRestriction(Arrays.asList(new UserSelector("owner")), true));
+        slave.getNodeProperties().add(jobRestrictionProperty);
+
+        Folder folder = j.jenkins.createProject(Folder.class, "folder");
+        FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project3");
+        project.setAssignedLabel(testLabel);
+        FolderOwnershipHelper.setOwnership(folder,
+                new OwnershipDescription(true, "owner1", Arrays.asList("owner2", "Owner")));
+
+        project.scheduleBuild2(0);
+        j.jenkins.getQueue().maintain();
+
+        List<Queue.BuildableItem> items = j.jenkins.getQueue().getBuildableItems();
+        assertThat("1 item should be in the queue", items.size(), equalTo(1));
+        Queue.BuildableItem item = items.get(0);
+
+        assertThat("Run has been prohibited, but Ownership plugin should allow it according to the inherited value",
+                jobRestrictionProperty.canTake(item), nullValue());
+    }
+
+    private void applyIdStrategy(final IdStrategy idStrategy) throws IOException {
+        HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false, false, null) {
+            @Override
+            public IdStrategy getUserIdStrategy() {
+                return idStrategy;
+            }
+
+            @Override
+            public IdStrategy getGroupIdStrategy() {
+                return idStrategy;
+            }
+        };
+        realm.createAccount("owner", "owner");
+        j.jenkins.setSecurityRealm(realm);
+    }
 }