Branch: refs/heads/master
Home: https://github.com/jenkinsci/jenkins
Commit: 814d202716a6c61c7d371c6a62755d296fe199a5
https://github.com/jenkinsci/jenkins/commit/814d202716a6c61c7d371c6a62755d296fe199a5
Author: Wadeck Follonier <[email protected]>
Date: 2017-12-16 (Sat, 16 Dec 2017)
Changed paths:
A core/src/main/java/jenkins/security/ApiCrumbExclusion.java
M core/src/main/java/jenkins/security/BasicHeaderApiTokenAuthenticator.java
M test/pom.xml
M test/src/test/java/hudson/bugs/JnlpAccessWithSecuredHudsonTest.java
M test/src/test/java/hudson/diagnosis/HudsonHomeDiskUsageMonitorTest.java
M test/src/test/java/hudson/model/AbstractProjectTest.java
M test/src/test/java/hudson/model/ExecutorTest.java
M test/src/test/java/hudson/model/ItemsTest.java
M test/src/test/java/hudson/model/JobTest.java
M test/src/test/java/hudson/model/PasswordParameterDefinitionTest.java
M test/src/test/java/hudson/model/ProjectTest.java
M test/src/test/java/hudson/model/QueueTest.java
M test/src/test/java/hudson/model/UserTest.java
M test/src/test/java/hudson/model/ViewTest.java
M test/src/test/java/hudson/security/ExtendedReadPermissionTest.java
M test/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
M test/src/test/java/hudson/security/LoginTest.java
M test/src/test/java/hudson/util/RobustReflectionConverterTest.java
M test/src/test/java/jenkins/model/JenkinsTest.java
A test/src/test/java/jenkins/security/ApiCrumbExclusionTest.java
M test/src/test/java/jenkins/security/ApiTokenPropertyTest.java
M test/src/test/java/jenkins/security/BasicHeaderProcessorTest.java
M test/src/test/java/jenkins/security/Security380Test.java
M test/src/test/java/lib/form/PasswordTest.java
A test/src/test/resources/lib/form/PasswordTest/SecretNotPlainText/index.jelly
R test/src/test/resources/lib/form/PasswordTest/test1.jelly
Log Message:
-----------
[JENKINS-22474] API Token does not require CSRF token (#3129)
* [JENKINS-22474] API Token does not require CSRF token
- in order to ease the use of the api, we are not requiring the request to have
a crumb
- in terms of security it's not a problem normally since the CSRF attacks use
the cookies and in case of API Token, it's session-less / cookie-less
* - adjust the license header
* - add test for basic authentication
- add test for login process
* - add test for form submission using ui (htmlunit), not just login form
* - modification requested by Jesse
* - pom.xml update to use the last version of jenkins-test-harness (with the
token helper methods)
- beginning of the simplification of tests
* - using the try-with-resource approach to ease readability
* - using closure method now
* - add missing login transformation
* - add unit test
* - use withToken
- remove useless crumb for GET method
- add fail (otherwise the assert in catch is not as useful as it could be)
* another bunch of test cases
* - for HudsonTestCase, some additional modifications are required: changing
the view / different type of management for the variable inside the views
* - small other tests
* - last batch for the login method
* - crumb is no longer required since we are using API Token
* - converting auth to ApiToken to avoid crumb method
* - converting auth to ApiToken to avoid crumb method (second)
* - remove usage of closure aware methods
* - update the pom using the snapshot as advised by Jesse
- modifications on other class to adapt to the last modifications in JTH
* - modifications requested during code review
* - also put back my changes to the conflicted file
* - correction of the merge :)
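
The commit message's argument (a request authenticated by API token is session-less, so no crumb is demanded, while a cookie-backed session still needs one) can be modelled as follows. This is an added example, not code from the commit or from Jenkins: the class, method and map names and all sample values are hypothetical, and a request is reduced to three strings.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

// Simplified model, not Jenkins code; every name and value below is hypothetical.
public class CrumbDecisionDemo {
    // Constructed sample state: one API token, one browser session and its crumb.
    static final Map<String, String> API_TOKENS = Map.of("alice", "constructed-api-token");
    static final Map<String, String> SESSION_CRUMBS = Map.of("constructed-session", "constructed-crumb");

    static boolean same(String a, String b) { // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // True only when the Authorization header carries a valid "user:apiToken" pair.
    static boolean hasValidApiToken(String authorization) {
        if (authorization == null || !authorization.startsWith("Basic ")) return false;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 is treated as unauthenticated
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) return false;
        String expected = API_TOKENS.get(decoded.substring(0, colon));
        return expected != null && same(expected, decoded.substring(colon + 1));
    }

    // Decides whether a state-changing POST is accepted.
    static boolean acceptPost(String authorization, String sessionCookie, String crumb) {
        // The client supplied the token itself and no session cookie is involved,
        // which is the commit's reason for skipping the crumb check here.
        if (hasValidApiToken(authorization)) return true;
        // Cookie-backed session: the crumb stays mandatory and must match the session.
        if (sessionCookie == null || crumb == null) return false;
        String expected = SESSION_CRUMBS.get(sessionCookie);
        return expected != null && same(expected, crumb);
    }

    public static void main(String[] args) {
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:constructed-api-token".getBytes(StandardCharsets.UTF_8));
        System.out.println("token, no crumb:    " + acceptPost(header, null, null));
        System.out.println("cookie, no crumb:   " + acceptPost(null, "constructed-session", null));
        System.out.println("cookie, with crumb: " + acceptPost(null, "constructed-session", "constructed-crumb"));
    }
}
```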