[JENKINS-50324] User without READ cannot logout - or even ask who the…
…y are

(cherry picked from commit b5ed977)
Wadeck authored and olivergondza committed Apr 19, 2018
1 parent 5e8cd50 commit 8a2f9865e8dfc4b25de603b693dcc09a99be85af
Showing with 27 additions and 1 deletion.
  1. +1 −1 core/src/main/java/hudson/cli/
  2. +26 −0 test/src/test/java/hudson/cli/
@@ -275,7 +275,7 @@ public int main(List<String> args, Locale locale, InputStream stdin, PrintStream
if (auth==Jenkins.ANONYMOUS)
auth = loadStoredAuthentication();
sc.setAuthentication(auth); // run the CLI with the right credential
if (!(this instanceof LoginCommand || this instanceof HelpCommand))
if (!(this instanceof LoginCommand || this instanceof LogoutCommand || this instanceof HelpCommand || this instanceof WhoAmICommand))
return run();
} catch (CmdLineException e) {
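Review bot: The widened condition on the new `if` line tests by `instanceof`, so any subclass of LoginCommand, LogoutCommand, HelpCommand or WhoAmICommand is exempted too, and nothing at this site records why each of the four is safe to run for a caller without READ. The statement the `if` guards is not visible on this page (from the commit title it is presumably the READ permission check), which makes this allowlist the one place that decides which commands run unchecked. I would put a comment above it, `// Exempt from the READ check: these commands only touch the caller's own session/identity; audit any class added here.`, provided that is indeed the reasoning, and brace the `if` so a later edit cannot detach the guarded statement. main's body starts and ends outside the hunk.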
@@ -295,6 +295,32 @@ public void noPreAuthOptionHandlerInfoLeak() throws Exception {
assertExitCode(6, false, jar, "get-view", "v2"); // Error code 3 before SECURITY-754

public void userWithoutReadCanLogout() throws Exception {
String userWithRead = "userWithRead";
String userWithoutRead = "userWithoutRead";

File jar = tmp.newFile("jenkins-cli.jar");
FileUtils.copyURLToFile(j.jenkins.getJnlpJars("jenkins-cli.jar").getURL(), jar);
j.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy()
// nothing to userWithoutRead

checkCanLogout(jar, ADMIN);
checkCanLogout(jar, userWithRead);
checkCanLogout(jar, userWithoutRead);

private void checkCanLogout(File cliJar, String userLoginAndPassword) throws Exception {
assertExitCode(0, false, cliJar, "-remoting", "login", "--username", userLoginAndPassword, "--password", userLoginAndPassword);
assertExitCode(0, false, cliJar, "-remoting", "who-am-i");
assertExitCode(0, false, cliJar, "-remoting", "logout");

public static class TestDiagnosticCommand extends CLICommand {
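Review bot: checkCanLogout asserts only exit code 0 for `login`, `who-am-i` and `logout`, so the test proves the three commands are reachable but not that userWithoutRead is still refused everywhere else, nor that `logout` really discarded the stored credential. A negative control in userWithoutReadCanLogout would pin the edge of the exemption, introduced by `// negative control: userWithoutRead must still be refused by a command that needs READ` and followed by one assertExitCode call in the style of the `get-view` assertion at the top of this hunk; the expected code for that case is not visible here and needs confirming. Checking the output of a second `who-am-i` after `logout` would cover the credential removal. The test methods are shown with lines missing on this page, and TestDiagnosticCommand continues outside the hunk.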
