@Override public boolean configure(StaplerRequest req, JSONObject json) throws FormException { // for compatibility reasons, the actual value is stored in Jenkins Jenkins j = Jenkins.get(); if (json.has("csrf")) { JSONObject csrf = json.getJSONObject("csrf"); j.setCrumbIssuer(CrumbIssuer.all().newInstanceFromRadioList(csrf, "issuer")); } else { j.setCrumbIssuer(null); } return true; } }
jenkins.setCrumbIssuer(new DefaultCrumbIssuer(SystemProperties.getBoolean(Jenkins.class.getName() + ".crumbIssuerProxyCompatibility",false)));
@Test public void shouldExportEvenOnError() throws Exception { Jenkins j = Jenkins.getInstance(); j.setCrumbIssuer(new BrokenCrumbIssuer("bar")); final ByteArrayOutputStream out = new ByteArrayOutputStream(); ConfigurationAsCode.get().export(out); final String s = out.toString(); System.out.println(s); }
setCrumbIssuer(crumbIssuer);
@Override public boolean configure(StaplerRequest req, JSONObject json) throws FormException { // for compatibility reasons, the actual value is stored in Jenkins Jenkins j = Jenkins.getInstance(); if (json.has("csrf")) { JSONObject csrf = json.getJSONObject("csrf"); j.setCrumbIssuer(CrumbIssuer.all().newInstanceFromRadioList(csrf, "issuer")); } else { j.setCrumbIssuer(null); } return true; } }
jenkins.setCrumbIssuer(new TestCrumbIssuer());
jenkins.setCrumbIssuer(new TestCrumbIssuer());
private void copyViaHttp(Folder f, JenkinsRule.WebClient wc, String fromName, String toName) throws Exception { // Taken from https://github.com/jenkinsci/jenkins/blob/80aa2c8e4093df270193402c3933f3f1f16271da/test/src/test/java/hudson/jobs/CreateItemTest.java#L68 r.jenkins.setCrumbIssuer(null); URL apiURL = new URL( r.jenkins.getRootUrl().toString() + "/" + f.getUrl().toString() + "createItem?mode=copy&from=" + URLEncoder.encode(fromName, "UTF-8") + "&name=" + URLEncoder.encode(toName, "UTF-8")); WebRequest request = new WebRequest(apiURL, HttpMethod.POST); request.setEncodingType(null); assertEquals("Copy Job request has failed", 200, r.createWebClient() .getPage(request).getWebResponse().getStatusCode()); }
setCrumbIssuer(crumbIssuer);
jenkins.setCrumbIssuer(new DefaultCrumbIssuer(false));
private FreeStyleProject createPostCommitTriggerJob() throws Exception { // Disable crumbs because HTMLUnit refuses to mix request bodies with // request parameters r.jenkins.setCrumbIssuer(null); FreeStyleProject p = r.createFreeStyleProject(); String url = "https://svn.jenkins-ci.org/trunk/hudson/test-projects/trivial-ant"; SCMTrigger trigger = new SCMTrigger("0 */6 * * *"); p.setScm(new SubversionSCM(url)); p.addTrigger(trigger); trigger.start(p, true); return p; }
private FreeStyleProject createPostCommitTriggerJobMultipleSvnLocations() throws Exception { // Disable crumbs because HTMLUnit refuses to mix request bodies with // request parameters r.jenkins.setCrumbIssuer(null); FreeStyleProject p = r.createFreeStyleProject(); String[] urls = new String[] {"https://svn.jenkins-ci.org/trunk/hudson/test-projects/trivial-ant", "https://svn.jenkins-ci.org/trunk/hudson/test-projects/trivial-maven/"}; p.setScm(new SubversionSCM(urls, new String[] {"", ""})); SCMTrigger trigger = new SCMTrigger("0 */6 * * *"); p.addTrigger(trigger); trigger.start(p, true); return p; }
@Test public void canStillProvideTheCommitNotifyAction() throws Exception { j.jenkins.setCrumbIssuer(null); String uuid = "12345678-1234-1234-1234-123456789012"; JenkinsRule.WebClient wc = j.createWebClient(); String relativeUrl = "subversion/" + uuid + "/notifyCommit/"; try { // protected against GET request wc.goTo(relativeUrl); fail(); } catch (FailingHttpStatusCodeException e) { assertEquals(405, e.getStatusCode()); } WebRequest request = new WebRequest(new URL(j.getURL() + relativeUrl), HttpMethod.POST); HtmlPage page = wc.getPage(request); j.assertGoodStatus(page); }
/** * Trigger test. * @throws Exception if there is one. */ @Test public void testTriggerWorkflow() throws Exception { jenkinsRule.jenkins.setCrumbIssuer(null); MockGerritServer gerritServer = MockGerritServer.get(jenkinsRule); gerritServer.start(); try { PatchsetCreated event = Setup.createPatchsetCreated(gerritServer.getName()); WorkflowJob job = createWorkflowJob(event); PluginImpl.getHandler_().post(event); // Now wait for the Gerrit server to trigger the workflow build in Jenkins... TestUtils.waitForBuilds(job, 1); WorkflowRun run = job.getBuilds().iterator().next(); jenkinsRule.assertLogContains("Gerrit trigger: patchset-created", run); // Workflow build was triggered successfully. Now lets check make sure the // gerrit plugin sent a verified notification back to the Gerrit Server... JSONObject verifiedMessage = gerritServer.waitForNextVerified(); // System.out.println(gerritServer.lastContent); String message = verifiedMessage.getString("message"); Assert.assertTrue(message.startsWith("Build Successful")); Assert.assertTrue(message.contains("job/WFJob/1/")); JSONObject labels = verifiedMessage.getJSONObject("labels"); assertEquals(1, labels.getInt("Verified")); } finally { gerritServer.stop(); } }
jenkinsRule.jenkins.setCrumbIssuer(null); MockGerritServer gerritServer = MockGerritServer.get(jenkinsRule);
jenkinsRule.jenkins.setCrumbIssuer(null); MockGerritServer gerritServer = MockGerritServer.get(jenkinsRule);
jenkinsRule.jenkins.setCrumbIssuer(null); MockGerritServer gerritServer = MockGerritServer.get(jenkinsRule);
j.jenkins.setCrumbIssuer(null); GerritServer server1 = new GerritServer(PluginImpl.DEFAULT_SERVER_NAME); PluginImpl.getInstance().addServer(server1);
/** * Tests that configuring an existing project via jenkins http rest doesn't produce duplicated triggers * and that the trigger is configured for the new project pattern. * * @throws Exception if so */ @Test @LocalData public void testReconfigureUsingRestApi() throws Exception { assertNrOfEventListeners(0); TopLevelItem testProj = j.jenkins.getItem("testProj"); String gerritProjectPattern = "someotherproject"; XmlPage xmlPage = loadConfigXmlViaHttp(testProj); Document document = xmlPage.getXmlDocument(); String xml = changeConfigXml(gerritProjectPattern, document); URL url = UrlUtils.toUrlUnsafe(j.getURL().toExternalForm() + testProj.getUrl() + "config.xml"); WebRequest request = new WebRequest(url, HttpMethod.POST); request.setRequestBody(xml); j.jenkins.setCrumbIssuer(null); Page page = j.createWebClient().getPage(request); j.assertGoodStatus(page); assertNrOfEventListeners(0); assertEventListenerWithSomeOtherProjectSet(gerritProjectPattern); }
/** * Tests that only an admin can read server configuration and manipulate server state. * @throws Exception if so */ @Test @Issue({"SECURITY-402", "SECURITY-403" }) public void testOnlyAdminCanPerformServerConfigurationActions() throws Exception { GerritServer gerritServer = new GerritServer(PluginImpl.DEFAULT_SERVER_NAME); SshdServerMock.configureFor(sshd, gerritServer); PluginImpl.getInstance().addServer(gerritServer); gerritServer.getConfig().setNumberOfSendingWorkerThreads(NUMBEROFSENDERTHREADS); ((Config)gerritServer.getConfig()).setGerritAuthKeyFile(sshKey.getPrivateKey()); gerritServer.start(); Setup.lockDown(j); j.getInstance().setAuthorizationStrategy( new MockAuthorizationStrategy().grant(Item.READ, Item.DISCOVER).everywhere().toAuthenticated() .grant(Jenkins.READ, Item.DISCOVER).everywhere().toEveryone() .grant(Item.CONFIGURE).everywhere().to("bob") .grant(Jenkins.ADMINISTER).everywhere().to("alice")); j.jenkins.setCrumbIssuer(null); //Not really testing csrf right now JenkinsRule.WebClient webClient = j.createWebClient().login("alice", "alice"); HtmlPage page = webClient.goTo("plugin/gerrit-trigger/servers/0/"); HtmlForm config = page.getFormByName("config"); assertNotNull(config); post(webClient, "plugin/gerrit-trigger/servers/0/sleep", "application/json", null); webClient = j.createWebClient().login("bob", "bob"); webClient.assertFails("plugin/gerrit-trigger/servers/0/", 403); post(webClient, "plugin/gerrit-trigger/servers/0/wakeup", null, 403); }