[JENKINS-34835] Authorities from team slug (#124)
* [JENKINS-34835] Use team slug for authorities if set

PR #116 loads the team based on the slug if it's available but the
authorities list is still using the team name.
This means that you can set the team in the matrix in global security
but you will then be denied access because the authorities list uses the
team name.
You can see this if you go to /whoAmI: the team name is shown against the
user.

* [JENKINS-34835] Add slug to teams

The GithubAuthenticationToken constructor now uses the github team slug
if it's set. I've updated the tests so the slug is set here as well.
MancunianSam committed Nov 27, 2021
1 parent 78c9b5f commit fcf8b77
Showing 2 changed files with 21 additions and 8 deletions.
Expand Up @@ -241,8 +241,10 @@ public GithubAuthenticationToken(final String accessToken, final String githubSe
LOGGER.log(Level.FINE, "Fetch teams for user " + userName + " in organization " + orgLogin);
authorities.add(new GrantedAuthorityImpl(orgLogin));
for (GHTeam team : teamEntry.getValue()) {
String teamIdentifier = team.getSlug() == null ? team.getName() : team.getSlug();

authorities.add(new GrantedAuthorityImpl(orgLogin + GithubOAuthGroupDetails.ORG_TEAM_SEPARATOR
+ team.getName()));
+ teamIdentifier));
}
}
}
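Review bot: The fallback on the `teamIdentifier` line puts two kinds of identifier into one authority namespace: a team whose slug is null gets an authority built from its display name, which could coincide with another team's slug in the same organization. Whether `getSlug()` can return null for a team fetched here is not visible in the hunk, so the fallback deserves a comment saying when it applies, e.g. `// slug is the stable identifier; fall back to the display name only when the API response carries no slug`, plus a FINE log line when it is taken. Any authorization entries that matched on the team name may stop matching after this change, which is worth calling out in the release notes. The constructor begins and ends outside this hunk.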
Expand Up @@ -50,6 +50,7 @@
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
Expand Down Expand Up @@ -104,7 +105,7 @@ public void setupMockGithubServer() throws Exception {
private static class MockGithubServlet extends DefaultServlet {
private String currentLogin;
private List<String> organizations;
private List<String> teams;
private List<Map<String, String>> teams;

private JenkinsRule jenkinsRule;
private URI serverUri;
Expand Down Expand Up @@ -210,12 +211,14 @@ private void onTeamMember(HttpServletRequest req, HttpServletResponse resp, Stri

private void onOrgsTeam(HttpServletRequest req, HttpServletResponse resp, final String orgName) throws IOException {
List<Map<String, Object>> responseBody = new ArrayList<>();
for (String teamName : teams) {
final String teamName_ = teamName;
for (Map<String, String> team : teams) {
final String teamName_ = team.get("name");
final String slug = team.get("slug");
responseBody.add(new HashMap<String, Object>() {{
put("id", 7);
put("login", teamName_ + "_login");
put("name", teamName_);
put("slug", slug);
put("organization", new HashMap<String, Object>() {{
put("login", orgName);
}});
Expand All @@ -227,11 +230,13 @@ private void onOrgsTeam(HttpServletRequest req, HttpServletResponse resp, final

private void onUserTeams(HttpServletRequest req, HttpServletResponse resp) throws IOException {
List<Map<String, Object>> responseBody = new ArrayList<>();
for (String teamName : teams) {
final String teamName_ = teamName;
for (Map<String, String> team : teams) {
final String teamName_ = team.get("name");
final String slug = team.get("slug");
responseBody.add(new HashMap<String, Object>() {{
put("login", teamName_ + "_login");
put("name", teamName_);
put("slug", slug);
put("organization", new HashMap<String, Object>() {{
put("login", organizations.get(0));
}});
Expand Down Expand Up @@ -293,7 +298,10 @@ public void testUsingGithubToken() throws IOException {
String aliceLogin = "alice";
servlet.currentLogin = aliceLogin;
servlet.organizations = Collections.singletonList("org-a");
servlet.teams = Collections.singletonList("team-b");
Map<String, String> team = new HashMap<>();
team.put("slug", "team-b");
team.put("name", "Team D");
servlet.teams = Collections.singletonList(team);

User aliceUser = User.getById(aliceLogin, true);
String aliceApiRestToken = aliceUser.getProperty(ApiTokenProperty.class).getApiToken();
Expand Down Expand Up @@ -321,7 +329,10 @@ public void testUsingGithubLogin() throws IOException {
String bobLogin = "bob";
servlet.currentLogin = bobLogin;
servlet.organizations = Collections.singletonList("org-c");
servlet.teams = Collections.singletonList("team-d");
Map<String, String> team = new HashMap<>();
team.put("slug", "team-d");
team.put("name", "Team D");
servlet.teams = Collections.singletonList(team);

User bobUser = User.getById(bobLogin, true);
String bobApiRestToken = bobUser.getProperty(ApiTokenProperty.class).getApiToken();
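Review bot: Neither updated test exercises the name fallback, because every mock team now carries a `slug`, so the `team.getSlug() == null` branch of the production change is untested; a further case whose team map omits `slug` would pin it. In `testUsingGithubToken` the team is given slug `team-b` but name `Team D`, which looks copied from the other test; `team.put("name", "Team B");` would read more clearly. The assertions of both tests lie outside the visible hunks, so whether they check the slug-based authority cannot be confirmed from here.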