From 1852767e27334bbf544ce30396b6f1c6b07bfba9 Mon Sep 17 00:00:00 2001 From: Alexander KRASINSKY Date: Tue, 21 Nov 2023 10:27:49 +0100 Subject: [PATCH 01/12] Initial commit --- README.md | 11 ++- .../ReverseProxySecurityRealm.java | 33 +++++++- .../data/ForwardedUserData.java | 78 +++++++++++++++++++ .../ReverseProxySecurityRealm/config.jelly | 6 ++ .../ReverseProxySecurityRealmTest.java | 2 + 5 files changed, 127 insertions(+), 3 deletions(-) create mode 100644 src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java diff --git a/README.md b/README.md index b7f2c58..025796c 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,10 @@ When it comes to authorisation, the offers two options to developers: HTTP heade ## The default values for the HTTP header fields are: 1. Header User Name: X-Forwarded-User -2. Header Groups Name: X-Forwarded-Groups -3. Header Groups Delimiter: | +2. Header User Mail: X-Forwarded-Mail +3. Header User Display Name: X-Forwarded-DisplayName +4. Header Groups Name: X-Forwarded-Groups +5. Header Groups Delimiter: | The LDAP options can be displayed via the Advanced... button, located on the right side of the security settings. @@ -73,6 +75,8 @@ The default values for the HTTP header fields are: # Remove these header before to set the right value after, it prevent the client from setting this header RequestHeader unset "X-Forwarded-User" RequestHeader unset "X-Forwarded-Groups" + RequestHeader unset "X-Forwarded-Mail" + RequestHeader unset "X-Forwarded-DisplayName" # Remove the basic authorization header to avoid to use it in Jenkins RequestHeader unset "Authorization" 
@@ -84,6 +88,9 @@ The default values for the HTTP header fields are: RequestHeader set "X-Forwarded-User" "%{RU}e" # Groups are separated by | RequestHeader set "X-Forwarded-Groups" "%{RU}e|users" + # Inject mail & display name + RequestHeader set "X-Forwarded-Mail" %{AUTHENTICATE_MAIL}e + RequestHeader set "X-Forwarded-DisplayName" %{AUTHENTICATE_DISPLAYNAME}e # strip the REALM of Kerberos Login # RequestHeader edit X-Forwarded-User "@REALM$" "" diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java index 8f95c8d..9f82fcb 100644 --- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java @@ -30,6 +30,7 @@ import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Extension; import hudson.model.Descriptor; +import hudson.model.UserPropertyDescriptor; import hudson.model.User; import hudson.security.*; import hudson.tasks.Mailer; @@ -98,6 +99,7 @@ import org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthenticationProvider; import org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthoritiesPopulator; import org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthoritiesPopulatorImpl; +import org.jenkinsci.plugins.reverse_proxy_auth.data.ForwardedUserData; import org.jenkinsci.plugins.reverse_proxy_auth.data.GroupSearchTemplate; import org.jenkinsci.plugins.reverse_proxy_auth.data.SearchTemplate; import org.jenkinsci.plugins.reverse_proxy_auth.data.UserSearchTemplate; 
@@ -262,6 +264,16 @@ public class ReverseProxySecurityRealm extends SecurityRealm { */ public String retrievedUser; + /** + * The name of the header which the email has to be extracted from. + */ + public final String forwardedEmail; + + /** + * The name of the header which the display name has to be extracted from. + */ + public final String forwardedDisplayName; + /** * Header name of the groups field. */ @@ -285,11 +297,13 @@ public class ReverseProxySecurityRealm extends SecurityRealm { public final String customLogOutUrl; @DataBoundConstructor - public ReverseProxySecurityRealm(String forwardedUser, String headerGroups, String headerGroupsDelimiter, String customLogInUrl, String customLogOutUrl, String server, String rootDN, boolean inhibitInferRootDN, + public ReverseProxySecurityRealm(String forwardedUser, String forwardedEmail, String forwardedDisplayName, String headerGroups, String headerGroupsDelimiter, String customLogInUrl, String customLogOutUrl, String server, String rootDN, boolean inhibitInferRootDN, String userSearchBase, String userSearch, String groupSearchBase, String groupSearchFilter, String groupMembershipFilter, String groupNameAttribute, String managerDN, Secret managerPassword, Integer updateInterval, boolean disableLdapEmailResolver, String displayNameLdapAttribute, String emailAddressLdapAttribute) { this.forwardedUser = fixEmptyAndTrim(forwardedUser); + this.forwardedEmail = forwardedEmail; + this.forwardedDisplayName = forwardedDisplayName; this.headerGroups = headerGroups; if (!StringUtils.isBlank(headerGroupsDelimiter)) { @@ -532,6 +546,12 @@ public void doFilter(ServletRequest request, } } else { + //Without LDAP, retrieve user data from the headers + ForwardedUserData forwardedData=retrieveForwardedData(r); + User user=User.get(userFromHeader); + if(user!=null){ + forwardedData.update(user); + } String groups = r.getHeader(headerGroups); List localAuthorities = new ArrayList(); 
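Review bot: In the non-LDAP branch of doFilter (third hunk, `@@ -532,6 +546,12 @@`), the mail and display-name header values are written to the persisted Jenkins user on every request, so the stored address is only as trustworthy as the proxy's header stripping. The README change does unset both headers at the proxy, but the code should state the assumption where the trust is placed, e.g. `// forwardedEmail/forwardedDisplayName are trusted as-is: the proxy must unset client-supplied copies and Jenkins must only be reachable through it`. `User.get(String)` is, as far as I know, a deprecated get-or-create lookup that does not return null, so the `user!=null` guard probably never fails and a user record is created here for any forwarded name; confirm that is intended. doFilter starts and ends outside this hunk.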
@@ -579,6 +599,17 @@ public void destroy() { return new ChainedServletFilter(defaultFilter, filter); } + private ForwardedUserData retrieveForwardedData(HttpServletRequest r) { + ForwardedUserData toReturn=new ForwardedUserData(); + if(forwardedEmail!=null){ + toReturn.setEmail(r.getHeader(forwardedEmail)); + } + if(forwardedDisplayName!=null){ + toReturn.setDisplayName(r.getHeader(forwardedDisplayName)); + } + return toReturn; + } + @Override public boolean canLogOut() { if (customLogOutUrl == null) { diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java new file mode 100644 index 0000000..fa7052b --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java 
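Review bot: retrieveForwardedData passes the raw `r.getHeader(...)` value through, so an empty or whitespace-only header reaches ForwardedUserData, whose `isNotNullHeader` rejects only null and the literal `(null)`. Normalising with the helper the constructor already uses would keep blank values from being treated as a profile change: `toReturn.setEmail(fixEmptyAndTrim(r.getHeader(forwardedEmail)));` and the same for the display name. The method also has no Javadoc; something like `/** Reads the configured mail and display-name headers; a field stays null when its header name is not configured or the header is absent. */` would document the contract.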
@@ -0,0 +1,78 @@ +package org.jenkinsci.plugins.reverse_proxy_auth.data; + +import java.io.IOException; + +import hudson.model.User; +import hudson.tasks.Mailer; + +/** + * User data forwarded by the reverse proxy + * **/ +public class ForwardedUserData { + /** Empty header may be a null string **/ + private static final String NULL_HEADER="(null)"; + + private String email; + private String displayName; + public String getEmail() { + return email; + } + public void setEmail(String email) { + this.email = email; + } + public String getDisplayName() { + return displayName; + } + public void setDisplayName(String displayName) { + this.displayName = displayName; + } + + /** + * Update the forwarded data to the jenkins user. + * @return true if updated and saved + * **/ + public boolean update(User user) { + boolean toReturn=false; + if(updateDisplayName(user) || updateEmail(user)){ + toReturn=true; + try { + user.save(); + } catch (IOException e) { + throw new IllegalStateException(e); + } + } + + return toReturn; + } + + private boolean updateDisplayName(User user) { + boolean toReturn = false; + if(isNotNullHeader(displayName) && !displayName.equals(user.getFullName())){ + user.setFullName(displayName); + toReturn=true; + } + return toReturn; + } + + private boolean updateEmail(User user){ + boolean toReturn = false; + if(isNotNullHeader(email)){ + Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); + if (emailProp == null || !email.equals(emailProp.getConfiguredAddress())) { + emailProp=new Mailer.UserProperty(email); + try { + user.addProperty(emailProp); + } catch (IOException e) { + throw new IllegalStateException(e); + } + toReturn=true; + } + } + return toReturn; + } + + private static boolean isNotNullHeader(String value){ + return value!=null && !value.equals(NULL_HEADER); + } + +} \ No newline at end of file 
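Review bot: `update` tests `updateDisplayName(user) || updateEmail(user)`, so whenever the display name changes the `||` short-circuits and `updateEmail` is never called; the mail address is then applied only on a later request. Evaluate both before testing: `boolean nameChanged = updateDisplayName(user);`, `boolean mailChanged = updateEmail(user);`, `if (nameChanged || mailChanged) {`. The header value is also stored as the user's mail address without any format check. An IOException from `save()` or `addProperty()` is rethrown as IllegalStateException, which, when called from the servlet filter, would fail the request rather than just skip the profile update, so logging and continuing may be the safer choice.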
diff --git a/src/main/resources/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm/config.jelly b/src/main/resources/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm/config.jelly index 8b90f03..584053e 100644 --- a/src/main/resources/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm/config.jelly @@ -26,6 +26,12 @@ THE SOFTWARE. + + + + + + diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java index e584804..a4d8751 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java @@ -71,6 +71,8 @@ private ReverseProxySecurityRealm createBasicRealm() { return new ReverseProxySecurityRealm( "X-Forwarded-User", // forwardedUser "X-Forwarded-Groups", // headerGroups + "X-Forwarded-Email", // forwardedEmail + "X-Forwarded-DisplayName", // forwardedDisplayName "|", // headerGroupsDelimiter "", // customLogInUrl "", // customLogOutUrl From 8e7b39490ab34c487b61c7d383ca64577314abcc Mon Sep 17 00:00:00 2001 From: akrasinsky <143082310+akrasinsky@users.noreply.github.com> Date: Mon, 8 Jan 2024 10:33:06 +0100 Subject: [PATCH 02/12] Apply suggestions from code review Co-authored-by: Steve Boardwell --- .../reverse_proxy_auth/ReverseProxySecurityRealm.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java index 9f82fcb..8b6f301 100644 --- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java 
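Review bot: The two arguments added to createBasicRealm are in the wrong position: the constructor changed in this patch takes `forwardedUser, forwardedEmail, forwardedDisplayName, headerGroups, …`, but the call still passes `"X-Forwarded-Groups"` second, so the realm under test gets `X-Forwarded-Groups` as its mail header and `X-Forwarded-DisplayName` as its groups header. It compiles only because every parameter involved is a String, and the trailing `// headerGroups` style comments now label the wrong slots. Move the two new lines directly after `"X-Forwarded-User", // forwardedUser`. The value `X-Forwarded-Email` also differs from the README default `X-Forwarded-Mail`. The constructor call continues outside this hunk.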
+++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java @@ -302,8 +302,8 @@ public ReverseProxySecurityRealm(String forwardedUser, String forwardedEmail, St Integer updateInterval, boolean disableLdapEmailResolver, String displayNameLdapAttribute, String emailAddressLdapAttribute) { this.forwardedUser = fixEmptyAndTrim(forwardedUser); - this.forwardedEmail = forwardedEmail; - this.forwardedDisplayName = forwardedDisplayName; + this.forwardedEmail = fixEmptyAndTrim(forwardedEmail); + this.forwardedDisplayName = fixEmptyAndTrim(forwardedDisplayName); this.headerGroups = headerGroups; if (!StringUtils.isBlank(headerGroupsDelimiter)) { @@ -549,7 +549,7 @@ public void doFilter(ServletRequest request, //Without LDAP, retrieve user data from the headers ForwardedUserData forwardedData=retrieveForwardedData(r); User user=User.get(userFromHeader); - if(user!=null){ + if (user != null) { forwardedData.update(user); } String groups = r.getHeader(headerGroups); @@ -601,10 +601,10 @@ public void destroy() { private ForwardedUserData retrieveForwardedData(HttpServletRequest r) { ForwardedUserData toReturn=new ForwardedUserData(); - if(forwardedEmail!=null){ + if (forwardedEmail != null) { toReturn.setEmail(r.getHeader(forwardedEmail)); } - if(forwardedDisplayName!=null){ + if (forwardedDisplayName != null) { toReturn.setDisplayName(r.getHeader(forwardedDisplayName)); } return toReturn; From cfb81d281a021befb349f1cb934315a5d9ef607a Mon Sep 17 00:00:00 2001 From: Alexander KRASINSKY Date: Mon, 8 Jan 2024 15:36:42 +0100 Subject: [PATCH 03/12] Added tests --- .../ReverseProxySecurityRealm.java | 6 ++-- .../data/ForwardedUserData.java | 10 +++--- .../data/ForwardedUserDataTest.java | 35 +++++++++++++++++++ 3 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java 
diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java index 8b6f301..79c1a9b 100644 --- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java @@ -547,8 +547,8 @@ public void doFilter(ServletRequest request, } else { //Without LDAP, retrieve user data from the headers - ForwardedUserData forwardedData=retrieveForwardedData(r); - User user=User.get(userFromHeader); + ForwardedUserData forwardedData = retrieveForwardedData(r); + User user = User.get(userFromHeader); if (user != null) { forwardedData.update(user); } @@ -600,7 +600,7 @@ public void destroy() { } private ForwardedUserData retrieveForwardedData(HttpServletRequest r) { - ForwardedUserData toReturn=new ForwardedUserData(); + ForwardedUserData toReturn = new ForwardedUserData(); if (forwardedEmail != null) { toReturn.setEmail(r.getHeader(forwardedEmail)); } diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java index fa7052b..60e49c9 100644 --- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java +++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java @@ -32,9 +32,9 @@ public void setDisplayName(String displayName) { * @return true if updated and saved * **/ public boolean update(User user) { - boolean toReturn=false; + boolean toReturn = false; if(updateDisplayName(user) || updateEmail(user)){ - toReturn=true; + toReturn = true; try { user.save(); } catch (IOException e) { 
@@ -49,7 +49,7 @@ private boolean updateDisplayName(User user) { boolean toReturn = false; if(isNotNullHeader(displayName) && !displayName.equals(user.getFullName())){ user.setFullName(displayName); - toReturn=true; + toReturn = true; } return toReturn; } @@ -59,7 +59,7 @@ private boolean updateEmail(User user){ if(isNotNullHeader(email)){ Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); if (emailProp == null || !email.equals(emailProp.getConfiguredAddress())) { - emailProp=new Mailer.UserProperty(email); + emailProp = new Mailer.UserProperty(email); try { user.addProperty(emailProp); } catch (IOException e) { @@ -72,7 +72,7 @@ private boolean updateEmail(User user){ } private static boolean isNotNullHeader(String value){ - return value!=null && !value.equals(NULL_HEADER); + return value != null && !value.equals(NULL_HEADER); } } \ No newline at end of file diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java new file mode 100644 index 0000000..23f92d9 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java 
@@ -0,0 +1,35 @@ +import hudson.model.User; +import hudson.tasks.Mailer; + +public class ForwardedUserDataTest { + private ForwardedUserData forwardedUserData + private User user + + @Before + public void setup() { + forwardedUserData = ForwardedUserData.new() + user = User.new() + } + + @Test + public void basicForwardedUserData() { + forwardedUserData.setEmail("max.mustermann@example.com") + assertEquals(forwardedUserData.getEmail(), "max.mustermann@example.com") + + forwardedUserData.setDisplayName("Max Mustermann") + assertEquals(forwardedUserData.getDisplayName(), "Max Mustermann") + } + + @Test + public void testUpdate() { + user.setFullName("John Doe") + forwardedUserData.setDisplayName("Max Mustermann") + forwardedUserData.setEmail("max.mustermann@example.com") + forwardedUserData.update(user) + + assertEquals(user.getFullName(), "Max Mustermann") + + Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); + assertEquals(emailProp.getConfiguredAddress(), "max.mustermann@example.com") + } +} \ No newline at end of file From 83a292fe3ec3a3f602b645e7ab72360e28dda7a8 Mon Sep 17 00:00:00 2001 From: Alexander KRASINSKY Date: Mon, 8 Jan 2024 15:52:25 +0100 Subject: [PATCH 04/12] Fixed missing symbols --- .../data/ForwardedUserDataTest.java | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 23f92d9..0cd35e6 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java 
@@ -2,34 +2,34 @@ import hudson.tasks.Mailer; public class ForwardedUserDataTest { - private ForwardedUserData forwardedUserData - private User user + private ForwardedUserData forwardedUserData; + private User user; @Before public void setup() { - forwardedUserData = ForwardedUserData.new() - user = User.new() + forwardedUserData = ForwardedUserData.new(); + user = User.new(); } @Test public void basicForwardedUserData() { - forwardedUserData.setEmail("max.mustermann@example.com") - assertEquals(forwardedUserData.getEmail(), "max.mustermann@example.com") + forwardedUserData.setEmail("max.mustermann@example.com"); + assertEquals(forwardedUserData.getEmail(), "max.mustermann@example.com"); - forwardedUserData.setDisplayName("Max Mustermann") - assertEquals(forwardedUserData.getDisplayName(), "Max Mustermann") + forwardedUserData.setDisplayName("Max Mustermann"); + assertEquals(forwardedUserData.getDisplayName(), "Max Mustermann"); } @Test public void testUpdate() { - user.setFullName("John Doe") - forwardedUserData.setDisplayName("Max Mustermann") - forwardedUserData.setEmail("max.mustermann@example.com") - forwardedUserData.update(user) + user.setFullName("John Doe"); + forwardedUserData.setDisplayName("Max Mustermann"); + forwardedUserData.setEmail("max.mustermann@example.com"); + forwardedUserData.update(user); - assertEquals(user.getFullName(), "Max Mustermann") + assertEquals(user.getFullName(), "Max Mustermann"); Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); - assertEquals(emailProp.getConfiguredAddress(), "max.mustermann@example.com") + assertEquals(emailProp.getConfiguredAddress(), "max.mustermann@example.com"); } } \ No newline at end of file From cd31fcf6f63a1c6d87b939879f72a757752f88db Mon Sep 17 00:00:00 2001 From: Alexander KRASINSKY Date: Mon, 8 Jan 2024 15:59:55 +0100 Subject: [PATCH 05/12] Minor fixes --- .../data/ForwardedUserDataTest.java | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) 
diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 0cd35e6..6e96d81 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -1,3 +1,9 @@ +package org.jenkinsci.plugins.reverse_proxy_auth.data; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + import hudson.model.User; import hudson.tasks.Mailer; @@ -7,17 +13,17 @@ public class ForwardedUserDataTest { @Before public void setup() { - forwardedUserData = ForwardedUserData.new(); - user = User.new(); + forwardedUserData = new ForwardedUserData(); + user = new User(); } @Test public void basicForwardedUserData() { forwardedUserData.setEmail("max.mustermann@example.com"); - assertEquals(forwardedUserData.getEmail(), "max.mustermann@example.com"); + Assert.assertEquals(forwardedUserData.getEmail(), "max.mustermann@example.com"); forwardedUserData.setDisplayName("Max Mustermann"); - assertEquals(forwardedUserData.getDisplayName(), "Max Mustermann"); + Assert.assertEquals(forwardedUserData.getDisplayName(), "Max Mustermann"); } @Test @@ -27,9 +33,9 @@ public void testUpdate() { forwardedUserData.setEmail("max.mustermann@example.com"); forwardedUserData.update(user); - assertEquals(user.getFullName(), "Max Mustermann"); + Assert.assertEquals(user.getFullName(), "Max Mustermann"); Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); - assertEquals(emailProp.getConfiguredAddress(), "max.mustermann@example.com"); + Assert.assertEquals(emailProp.getConfiguredAddress(), "max.mustermann@example.com"); } } \ No newline at end of file From 3a93fba576424e8edf22763cc8aee6e9f82f3b3f Mon Sep 17 00:00:00 2001 
From: Alexander KRASINSKY Date: Mon, 8 Jan 2024 16:14:46 +0100 Subject: [PATCH 06/12] Changed user creation --- .../plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 6e96d81..250dbcb 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -14,7 +14,7 @@ public class ForwardedUserDataTest { @Before public void setup() { forwardedUserData = new ForwardedUserData(); - user = new User(); + user = User.get("Max Mustermann", true); } @Test From 263dfdcb5eb474eab1a27dc8b6568cf90f60eb7a Mon Sep 17 00:00:00 2001 From: Alexander KRASINSKY Date: Tue, 9 Jan 2024 09:41:20 +0100 Subject: [PATCH 07/12] Changed function call --- .../plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 250dbcb..1714a4c 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -14,7 +14,7 @@ public class ForwardedUserDataTest { @Before public void setup() { forwardedUserData = new ForwardedUserData(); - user = User.get("Max Mustermann", true); + user = User.get("Max Mustermann", false, Collections.emptyMap()); } @Test From 2869656f3779a9e0a7ddec4e9ddd420e77cf6620 Mon Sep 17 00:00:00 2001 
From: Alexander KRASINSKY Date: Tue, 9 Jan 2024 09:47:25 +0100 Subject: [PATCH 08/12] Added missing import --- .../plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 1714a4c..d176d5d 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -1,5 +1,6 @@ package org.jenkinsci.plugins.reverse_proxy_auth.data; +import java.util.Collections; import org.junit.Assert; import org.junit.Before; import org.junit.Test; From 6d7bb784927ca6e32feb85cd379f527053e5dff1 Mon Sep 17 00:00:00 2001 From: Alexander KRASINSKY Date: Tue, 9 Jan 2024 10:23:40 +0100 Subject: [PATCH 09/12] Changed method --- .../plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index d176d5d..6e763f6 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -15,7 +15,7 @@ public class ForwardedUserDataTest { @Before public void setup() { forwardedUserData = new ForwardedUserData(); - user = User.get("Max Mustermann", false, Collections.emptyMap()); + user = User.getOrCreateByIdOrFullName("Max Mustermann"); } @Test From f8045ef013447d3c4c269883431efc44b236fec9 Mon Sep 17 00:00:00 2001 
From: Alexander KRASINSKY Date: Tue, 9 Jan 2024 12:01:22 +0100 Subject: [PATCH 10/12] Fixed tests --- .../data/ForwardedUserDataTest.java | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 6e763f6..2018e17 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -4,16 +4,25 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; +import org.junit.Rule; import hudson.model.User; import hudson.tasks.Mailer; +import jenkins.model.Jenkins; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.MockAuthorizationStrategy; public class ForwardedUserDataTest { private ForwardedUserData forwardedUserData; private User user; + @Rule + public JenkinsRule j = new JenkinsRule(); + @Before public void setup() { + j.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("Max Mustermann")); + forwardedUserData = new ForwardedUserData(); user = User.getOrCreateByIdOrFullName("Max Mustermann"); } 
@@ -21,22 +30,22 @@ public void setup() { @Test public void basicForwardedUserData() { forwardedUserData.setEmail("max.mustermann@example.com"); - Assert.assertEquals(forwardedUserData.getEmail(), "max.mustermann@example.com"); + Assert.assertEquals("max.mustermann@example.com", forwardedUserData.getEmail()); forwardedUserData.setDisplayName("Max Mustermann"); - Assert.assertEquals(forwardedUserData.getDisplayName(), "Max Mustermann"); + Assert.assertEquals("Max Mustermann", forwardedUserData.getDisplayName()); } @Test public void testUpdate() { user.setFullName("John Doe"); forwardedUserData.setDisplayName("Max Mustermann"); - forwardedUserData.setEmail("max.mustermann@example.com"); forwardedUserData.update(user); + Assert.assertEquals("Max Mustermann", user.getFullName()); - Assert.assertEquals(user.getFullName(), "Max Mustermann"); - + forwardedUserData.setEmail("max.mustermann@example.com"); + forwardedUserData.update(user); Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); - Assert.assertEquals(emailProp.getConfiguredAddress(), "max.mustermann@example.com"); + Assert.assertEquals("max.mustermann@example.com", emailProp.getAddress()); } } \ No newline at end of file From f826b75a9e7e0a38cb77a5a771b1eaa232186238 Mon Sep 17 00:00:00 2001 From: sboardwell Date: Tue, 23 Jan 2024 15:25:51 +0100 Subject: [PATCH 11/12] Pre commit changes --- .../reverse_proxy_auth/data/ForwardedUserData.java | 8 ++++---- .../reverse_proxy_auth/data/ForwardedUserDataTest.java | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java index 60e49c9..77710b4 100644 --- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java +++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java 
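Review bot: testUpdate now applies the display name and the mail in two separate `update` calls, so it no longer covers both headers changing in the same request; with `update` written as `updateDisplayName(user) || updateEmail(user)`, that is exactly the case in which the mail is skipped. Keep a test that sets both fields and calls `forwardedUserData.update(user)` once before asserting on the full name and on the Mailer.UserProperty. The assertion also moved from `getConfiguredAddress()` to `getAddress()`, which may fall back to a resolved address rather than the stored one (confirm against the Mailer plugin); asserting on `getConfiguredAddress()` would pin what `update` actually wrote.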
@@ -5,7 +5,7 @@ import hudson.model.User; import hudson.tasks.Mailer; -/** +/** * User data forwarded by the reverse proxy * **/ public class ForwardedUserData { @@ -27,7 +27,7 @@ public void setDisplayName(String displayName) { this.displayName = displayName; } - /** + /** * Update the forwarded data to the jenkins user. * @return true if updated and saved * **/ @@ -58,7 +58,7 @@ private boolean updateEmail(User user){ boolean toReturn = false; if(isNotNullHeader(email)){ Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); - if (emailProp == null || !email.equals(emailProp.getConfiguredAddress())) { + if (emailProp == null || !email.equals(emailProp.getConfiguredAddress())) { emailProp = new Mailer.UserProperty(email); try { user.addProperty(emailProp); @@ -75,4 +75,4 @@ private static boolean isNotNullHeader(String value){ return value != null && !value.equals(NULL_HEADER); } -} \ No newline at end of file +} diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java index 2018e17..210c627 100644 --- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java +++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java @@ -48,4 +48,4 @@ public void testUpdate() { Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); Assert.assertEquals("max.mustermann@example.com", emailProp.getAddress()); } -} \ No newline at end of file +} From 7d3b192c91d3fe68ac7fc9c5d16beb38bed22608 Mon Sep 17 00:00:00 2001 
From: sboardwell Date: Tue, 23 Jan 2024 16:43:43 +0100 Subject: [PATCH 12/12] fix: reformatting using mvn spotless:apply --- .../ReverseProxySecurityRealm.java | 60 ++++----- .../data/ForwardedUserData.java | 124 +++++++++--------- .../ReverseProxySecurityRealmTest.java | 46 +++---- .../data/ForwardedUserDataTest.java | 13 +- 4 files changed, 122 insertions(+), 121 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java index 8714a8f..363d957 100644 --- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java @@ -31,7 +31,6 @@ import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Extension; import hudson.model.Descriptor; -import hudson.model.UserPropertyDescriptor; import hudson.model.User; import hudson.security.*; import hudson.tasks.Mailer; @@ -141,15 +140,15 @@ public class ReverseProxySecurityRealm extends SecurityRealm { /** Search Template used when the groups are in the header. */ private ReverseProxySearchTemplate proxyTemplate; - /** - * The name of the header which the email has to be extracted from. - */ - public final String forwardedEmail; + /** + * The name of the header which the email has to be extracted from. + */ + public final String forwardedEmail; - /** - * The name of the header which the display name has to be extracted from. - */ - public final String forwardedDisplayName; + /** + * The name of the header which the display name has to be extracted from. + */ + public final String forwardedDisplayName; /** Created in {@link #createSecurityComponents()}. Can be used to connect to LDAP. */ private transient LdapTemplate ldapTemplate; 
@@ -268,7 +267,8 @@ public class ReverseProxySecurityRealm extends SecurityRealm { /** Custom post logout url */ public final String customLogInUrl; - public final String customLogOutUrl; + + public final String customLogOutUrl; @DataBoundConstructor public ReverseProxySecurityRealm( @@ -296,8 +296,8 @@ public ReverseProxySecurityRealm( String emailAddressLdapAttribute) { this.forwardedUser = fixEmptyAndTrim(forwardedUser); - this.forwardedEmail = fixEmptyAndTrim(forwardedEmail); - this.forwardedDisplayName = fixEmptyAndTrim(forwardedDisplayName); + this.forwardedEmail = fixEmptyAndTrim(forwardedEmail); + this.forwardedDisplayName = fixEmptyAndTrim(forwardedDisplayName); this.headerGroups = headerGroups; if (!StringUtils.isBlank(headerGroupsDelimiter)) { @@ -543,14 +543,14 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha } } - } else { - //Without LDAP, retrieve user data from the headers - ForwardedUserData forwardedData = retrieveForwardedData(r); - User user = User.get(userFromHeader); - if (user != null) { - forwardedData.update(user); - } - String groups = r.getHeader(headerGroups); + } else { + // Without LDAP, retrieve user data from the headers + ForwardedUserData forwardedData = retrieveForwardedData(r); + User user = User.get(userFromHeader); + if (user != null) { + forwardedData.update(user); + } + String groups = r.getHeader(headerGroups); List localAuthorities = new ArrayList(); localAuthorities.add(AUTHENTICATED_AUTHORITY); 
@@ -597,16 +597,16 @@ public void destroy() {}
 return new ChainedServletFilter(defaultFilter, filter);
 }
- private ForwardedUserData retrieveForwardedData(HttpServletRequest r) {
- ForwardedUserData toReturn = new ForwardedUserData();
- if (forwardedEmail != null) {
- toReturn.setEmail(r.getHeader(forwardedEmail));
- }
- if (forwardedDisplayName != null) {
- toReturn.setDisplayName(r.getHeader(forwardedDisplayName));
- }
- return toReturn;
- }
+ private ForwardedUserData retrieveForwardedData(HttpServletRequest r) {
+ ForwardedUserData toReturn = new ForwardedUserData();
+ if (forwardedEmail != null) {
+ toReturn.setEmail(r.getHeader(forwardedEmail));
+ }
+ if (forwardedDisplayName != null) {
+ toReturn.setDisplayName(r.getHeader(forwardedDisplayName));
+ }
+ return toReturn;
+ }
 @Override
 public boolean canLogOut() {
diff --git a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java
index 77710b4..24e7629 100644
--- a/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java
+++ b/src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserData.java
@@ -1,78 +1,80 @@ package org.jenkinsci.plugins.reverse_proxy_auth.data; -import java.io.IOException; - import hudson.model.User; import hudson.tasks.Mailer; +import java.io.IOException; /** * User data forwarded by the reverse proxy * **/ public class ForwardedUserData { - /** Empty header may be a null string **/ - private static final String NULL_HEADER="(null)"; + /** Empty header may be a null string **/ + private static final String NULL_HEADER = "(null)"; + + private String email; + private String displayName; + + public String getEmail() { + return email; + } + + public void setEmail(String email) { + this.email = email; + } - private String email; - private String displayName; - public String getEmail() { - return email; - } - public void setEmail(String email) { - this.email = email; - } - public String getDisplayName() { - return displayName; - } - public void setDisplayName(String displayName) { - this.displayName = displayName; - } + public String getDisplayName() { + return displayName; + } - /** - * Update the forwarded data to the jenkins user. - * @return true if updated and saved - * **/ - public boolean update(User user) { - boolean toReturn = false; - if(updateDisplayName(user) || updateEmail(user)){ - toReturn = true; - try { - user.save(); - } catch (IOException e) { - throw new IllegalStateException(e); - } - } + public void setDisplayName(String displayName) { + this.displayName = displayName; + } - return toReturn; - } + /** + * Update the forwarded data to the jenkins user. 
+ * @return true if updated and saved + * **/ + public boolean update(User user) { + boolean toReturn = false; + if (updateDisplayName(user) || updateEmail(user)) { + toReturn = true; + try { + user.save(); + } catch (IOException e) { + throw new IllegalStateException(e); + } + } - private boolean updateDisplayName(User user) { - boolean toReturn = false; - if(isNotNullHeader(displayName) && !displayName.equals(user.getFullName())){ - user.setFullName(displayName); - toReturn = true; - } - return toReturn; - } + return toReturn; + } - private boolean updateEmail(User user){ - boolean toReturn = false; - if(isNotNullHeader(email)){ - Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); - if (emailProp == null || !email.equals(emailProp.getConfiguredAddress())) { - emailProp = new Mailer.UserProperty(email); - try { - user.addProperty(emailProp); - } catch (IOException e) { - throw new IllegalStateException(e); - } - toReturn=true; - } - } - return toReturn; - } + private boolean updateDisplayName(User user) { + boolean toReturn = false; + if (isNotNullHeader(displayName) && !displayName.equals(user.getFullName())) { + user.setFullName(displayName); + toReturn = true; + } + return toReturn; + } - private static boolean isNotNullHeader(String value){ - return value != null && !value.equals(NULL_HEADER); - } + private boolean updateEmail(User user) { + boolean toReturn = false; + if (isNotNullHeader(email)) { + Mailer.UserProperty emailProp = user.getProperty(Mailer.UserProperty.class); + if (emailProp == null || !email.equals(emailProp.getConfiguredAddress())) { + emailProp = new Mailer.UserProperty(email); + try { + user.addProperty(emailProp); + } catch (IOException e) { + throw new IllegalStateException(e); + } + toReturn = true; + } + } + return toReturn; + } + private static boolean isNotNullHeader(String value) { + return value != null && !value.equals(NULL_HEADER); + } } 
diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java
index 56a61fa..73cc58f 100644
--- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java
+++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java
@@ -67,29 +67,29 @@ public Authentication call() {
 private ReverseProxySecurityRealm createBasicRealm() {
 return new ReverseProxySecurityRealm(
- "X-Forwarded-User", // forwardedUser
- "X-Forwarded-Groups", // headerGroups
- "X-Forwarded-Email", // forwardedEmail
- "X-Forwarded-DisplayName", // forwardedDisplayName
- "|", // headerGroupsDelimiter
- "", // customLogInUrl
- "", // customLogOutUrl
- "", // server
- "", // rootDN
- false, // inhibitInferRootDN
- "", // userSearchBase
- "", // userSearch
- "", // groupSearchBase
- "", // groupSearchFilter
- "", // groupMembershipFilter
- "", // groupNameAttribute
- "", // managerDN
- Secret.fromString(""), // managerPassword
- 15, // updateInterval
- false, // disableLdapEmailResolver
- "", // displayNameLdapAttribute
- "" // emailAddressLdapAttribute
- );
+ "X-Forwarded-User", // forwardedUser
+ "X-Forwarded-Groups", // headerGroups
+ "X-Forwarded-Email", // forwardedEmail
+ "X-Forwarded-DisplayName", // forwardedDisplayName
+ "|", // headerGroupsDelimiter
+ "", // customLogInUrl
+ "", // customLogOutUrl
+ "", // server
+ "", // rootDN
+ false, // inhibitInferRootDN
+ "", // userSearchBase
+ "", // userSearch
+ "", // groupSearchBase
+ "", // groupSearchFilter
+ "", // groupMembershipFilter
+ "", // groupNameAttribute
+ "", // managerDN
+ Secret.fromString(""), // managerPassword
+ 15, // updateInterval
+ false, // disableLdapEmailResolver
+ "", // displayNameLdapAttribute
+ "" // emailAddressLdapAttribute
+ );
 }
 @Test
diff --git a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java
index 210c627..d45255e 100644
--- a/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java
+++ b/src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/data/ForwardedUserDataTest.java
@@ -1,14 +1,12 @@
 package org.jenkinsci.plugins.reverse_proxy_auth.data;
-import java.util.Collections;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.Rule;
-
 import hudson.model.User;
 import hudson.tasks.Mailer;
 import jenkins.model.Jenkins;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.MockAuthorizationStrategy;
@@ -21,7 +19,8 @@ public class ForwardedUserDataTest {
 @Before
 public void setup() {
- j.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("Max Mustermann"));
+ j.jenkins.setAuthorizationStrategy(
+ new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("Max Mustermann"));
 forwardedUserData = new ForwardedUserData();
 user = User.getOrCreateByIdOrFullName("Max Mustermann");