Skip to content
Permalink
Browse files

Fixing JENKINS-26234 by excluding crumb requirement for /bitbucket-hook

  • Loading branch information
mcgin committed Dec 10, 2015
1 parent 924bdd2 commit 9ace547bbc36c44e8407541ce8be405ccc82d9bc
@@ -8,16 +8,22 @@
import java.util.logging.Level;
import java.util.logging.Logger;

import hudson.security.csrf.CrumbExclusion;
import net.sf.json.JSONObject;

import org.apache.commons.io.IOUtils;
import org.kohsuke.stapler.StaplerRequest;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
* @author <a href="mailto:nicolas.deloof@gmail.com">Nicolas De Loof</a>
*/
@Extension
public class BitbucketHookReceiver implements UnprotectedRootAction {
public class BitbucketHookReceiver extends CrumbExclusion implements UnprotectedRootAction {

private final BitbucketPayloadProcessor payloadProcessor = new BitbucketPayloadProcessor();
private final String BITBUCKET_HOOK_URL = "bitbucket-hook";
@@ -60,4 +66,14 @@ public void doIndex(StaplerRequest req) throws IOException {

private static final Logger LOGGER = Logger.getLogger(BitbucketHookReceiver.class.getName());

@Override
public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
throws IOException, ServletException {
String pathInfo = req.getPathInfo();
if (pathInfo != null && pathInfo.startsWith("/"+BITBUCKET_HOOK_URL)) {
chain.doFilter(req, resp);
return true;
}
return false;
}
}
@@ -0,0 +1,29 @@
package com.cloudbees.jenkins.plugins;

import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebRequestSettings;
import com.gargoylesoftware.htmlunit.WebResponse;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.xml.sax.SAXException;

import java.io.IOException;
import java.net.URL;

import static org.junit.Assert.assertEquals;

public class CrumbExclusionTest {
@Rule
public JenkinsRule jenkins = new JenkinsRule();

@Test
public void shouldNotRequireACrumbForTheBitbucketHookUrl() throws IOException, SAXException {
JenkinsRule.WebClient webClient = jenkins.createWebClient();
WebRequestSettings wrs = new WebRequestSettings(new URL(webClient.getContextPath() + "bitbucket-hook"),
HttpMethod.POST);
WebResponse resp = webClient.getPage(wrs).getWebResponse();

assertEquals(resp.getStatusCode(), 200);
}
}

0 comments on commit 9ace547

Please sign in to comment.
You can’t perform that action at this time.