Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JENKINS-55813] Consider the UserDetails attributes for validity #3866

Open
wants to merge 4 commits into
base: master
from

Conversation

@Wadeck
Copy link
Contributor

Wadeck commented Jan 28, 2019

See JENKINS-55813.
Required PR for #89 in active-directory-plugin and #34 in ldap-plugin.

Proposed changelog entries

  • JENKINS-55813: Consider the additional attributes from UserDetails to determine the validity of the account before using API tokens.

Submitter checklist

  • JIRA issue is well described
  • Changelog entry appropriate for the audience affected by the change (users or developer, depending on the change). Examples
    * Use the Internal: prefix if the change has no user-visible impact (API, test frameworks, etc.)
  • Appropriate autotests or explanation to why this change has no tests
  • [n/a] For dependency updates: links to external changelogs and, if possible, full diffs
@jvz
jvz approved these changes Jan 28, 2019
Copy link
Member

jvz left a comment

Looks good overall, just want to make sure you're intentionally introducing new public APIs.

Co-Authored-By: Wadeck <Wadeck@users.noreply.github.com>
@batmat
batmat approved these changes Apr 9, 2019
Copy link
Member

batmat left a comment

LGTM

@batmat

This comment has been minimized.

Copy link
Member

batmat commented Apr 9, 2019

Waiting for @Wadeck to confirm this is actually not work-in-progress anymore. If confimed then I think we'll be able to move to merging this.

…icator.java

Co-Authored-By: Wadeck <Wadeck@users.noreply.github.com>
@oleg-nenashev

This comment has been minimized.

Copy link
Member

oleg-nenashev commented May 6, 2019

@Wadeck gentle ping

@Wadeck

This comment has been minimized.

Copy link
Contributor Author

Wadeck commented May 9, 2019

@batmat @oleg-nenashev As discussed with Baptiste internally, it's still work-in-progress, internal reference: FNDJEN-599

The remaining task is to determine other usage of the UserDetails that should require specific treatment like the one already present.

Copy link
Member

jvz left a comment

There are some more potential places to consider the validity of UserDetails before proceeding:

  • User.UserIDCanonicalIdResolver.resolveCanonicalId may or may not want to return here.
  • AbstractPasswordBasedSecurityRealm.doAuthenticate() may wish to implement this same check.
  • FederatedLoginService.FederatedIdentity.signin() should probably verify this as well.
@oleg-nenashev

This comment has been minimized.

Copy link
Member

oleg-nenashev commented May 24, 2019

@jvz made an assumption that the changes in LDAP and AD plugins are the root cause of instabilities in the recent weekly community ratings. e.g. https://issues.jenkins-ci.org/browse/JENKINS-57607 , https://issues.jenkins-ci.org/browse/JENKINS-57569

@Wadeck

This comment has been minimized.

Copy link
Contributor Author

Wadeck commented May 24, 2019

@oleg-nenashev AFAICT not possible for JENKINS-57569 because the related PR was not merged yet for this one. The other is more "interesting".

@alecharp

This comment has been minimized.

Copy link
Member

alecharp commented Aug 1, 2019

@Wadeck would you have time to come back on this one?

@Wadeck

This comment has been minimized.

Copy link
Contributor Author

Wadeck commented Aug 1, 2019

@alecharp not those days unfortunately, perhaps in 1-2 weeks or later... :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.