/**
 * Builds the password {@link Details} from a submitted user configuration form.
 *
 * <p>The fields {@code user.password} and {@code user.password2} must match. When the submitted
 * value unprotects (via {@link Protector}) to a string that starts with the current session id
 * followed by {@code ':'}, the remainder is handed to {@link Details#fromHashedPassword} and the
 * user seed is left alone. Otherwise the value is treated as a new plain-text password: the
 * {@link UserSeedProperty} seed of the nearest ancestor {@link User} is renewed (when the
 * property exists) and the password is passed to {@link Details#fromPlainPassword}.
 *
 * @param req the form submission; a null value is rejected
 * @param formData the submitted JSON form data (not read by this method)
 * @return the details built from the submitted password
 * @throws FormException if {@code req} is null or the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    if (req == null) {
        // Should never happen, see newInstance() Javadoc
        throw new FormException("Stapler request is missing in the call", "staplerRequest");
    }

    final String password = Util.fixEmpty(req.getParameter("user.password"));
    final String confirmation = Util.fixEmpty(req.getParameter("user.password2"));
    final boolean fieldsMatch = Util.fixNull(password).equals(Util.fixNull(confirmation));
    if (!fieldsMatch) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    // NOTE(review): this branch accepts a caller-supplied hash as is; its safety rests on
    // Protector output being unforgeable and on the session-id prefix check below — confirm.
    final String unprotected = Protector.unprotect(password);
    if (unprotected != null) {
        final String sessionPrefix = Stapler.getCurrentRequest().getSession().getId() + ':';
        if (unprotected.startsWith(sessionPrefix)) {
            return Details.fromHashedPassword(unprotected.substring(sessionPrefix.length()));
        }
    }

    // Reached only for a plain-text submission, i.e. an actual password change.
    final User owner = Util.getNearestAncestorOfTypeOrThrow(req, User.class);
    // the UserSeedProperty is not touched by the configure page
    final UserSeedProperty seedProperty = owner.getProperty(UserSeedProperty.class);
    if (seedProperty != null) {
        seedProperty.renewSeed();
    }

    return Details.fromPlainPassword(Util.fixNull(password));
}
/**
 * Returns the value of {@code getPassword()} prefixed with the current session id and
 * {@code ':'}, wrapped by {@link Protector#protect}.
 *
 * @return the protected, session-bound string
 */
public String getProtectedPassword() {
    // put session Id in it to prevent a replay attack.
    final String sessionId = Stapler.getCurrentRequest().getSession().getId();
    final String sessionBound = sessionId + ':' + getPassword();
    return Protector.protect(sessionBound);
}
/**
 * Looks up the password {@link Details} stored for the given user id.
 *
 * <p>A missing user and a user without a {@link Details} property are reported the same way,
 * with a {@link UsernameNotFoundException} whose message contains the requested name.
 *
 * @param username the user id passed to {@code User.getById(username, false)}
 * @return the details of that user, never null
 * @throws UsernameNotFoundException if no user or no {@link Details} property is found
 * @throws AssertionError if the details exist but report no owning user
 */
@Override
public Details loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    final User account = User.getById(username, false);

    Details details = null;
    if (account != null) {
        details = account.getProperty(Details.class);
    }

    if (details == null) {
        throw new UsernameNotFoundException("Password is not set: " + username);
    }
    if (details.getUser() == null) {
        throw new AssertionError();
    }
    return details;
}
password = (String) authentication.getCredentials(); if (hudsonPrivateSecurityRealm.isPasswordCorrect(password)) { LOGGER.log(Level.INFO, String.format("Falling back into the internal user %s", username)); return new ActiveDirectoryUserDetail(username, password, true, true, true, true, hudsonPrivateSecurityRealm.getAuthorities(), internalUser.getDisplayName(), "", ""); } else { LOGGER.log(Level.WARNING, String.format("Credential exception trying to authenticate against %s domain", domain.getName()), ne);
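/**
 * Determines if the security settings seem to match the defaults. Here, we only
 * really care about and test for HudsonPrivateSecurityRealm and the user setup.
 * Other settings are irrelevant.
 *
 * <p>The answer is {@code true} only when the security realm is a
 * {@link HudsonPrivateSecurityRealm} holding exactly one user, the initial admin password file
 * exists, and its trimmed content is still the correct password for
 * {@code SetupWizard.initialSetupAdminUserName}.
 *
 * @return {@code true} if the initial admin account and password are still in place,
 *         {@code false} otherwise, including when the lookup or the file read fails
 */
/*package*/ boolean isUsingSecurityDefaults() {
    Jenkins j = Jenkins.getInstance();
    if (!(j.getSecurityRealm() instanceof HudsonPrivateSecurityRealm)) {
        return false;
    }
    HudsonPrivateSecurityRealm securityRealm = (HudsonPrivateSecurityRealm) j.getSecurityRealm();
    try {
        if (securityRealm.getAllUsers().size() != 1) {
            return false;
        }
        HudsonPrivateSecurityRealm.Details details =
                securityRealm.loadUserByUsername(SetupWizard.initialSetupAdminUserName);
        FilePath iapf = getInitialAdminPasswordFile();
        // The file content is only read when the file exists.
        return iapf.exists() && details.isPasswordCorrect(iapf.readToString().trim());
    } catch (UsernameNotFoundException | IOException e) {
        return false; // Not initial security setup if no transitional admin user / password found
    } catch (InterruptedException e) {
        // Keep the interrupt visible to the caller instead of silently swallowing it.
        Thread.currentThread().interrupt();
        return false;
    }
}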
/**
 * Builds the password {@link Details} from a submitted user configuration form.
 *
 * <p>The fields {@code user.password} and {@code user.password2} must match. A submitted value
 * that unprotects (via {@link Protector}) to the current session id, {@code ':'} and a remainder
 * is treated as an already hashed password; anything else is treated as plain text.
 *
 * @param req the form submission; a null value is rejected
 * @param formData the submitted JSON form data (not read by this method)
 * @return the details built from the submitted password
 * @throws FormException if {@code req} is null or the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    if (req == null) {
        // Should never happen, see newInstance() Javadoc
        throw new FormException("Stapler request is missing in the call", "staplerRequest");
    }

    final String password = Util.fixEmpty(req.getParameter("user.password"));
    final String confirmation = Util.fixEmpty(req.getParameter("user.password2"));
    if (!Util.fixNull(password).equals(Util.fixNull(confirmation))) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    final String unprotected = Protector.unprotect(password);
    if (unprotected == null) {
        return Details.fromPlainPassword(Util.fixNull(password));
    }

    // The session is only consulted once the value has unprotected successfully.
    final String sessionPrefix = Stapler.getCurrentRequest().getSession().getId() + ':';
    if (!unprotected.startsWith(sessionPrefix)) {
        return Details.fromPlainPassword(Util.fixNull(password));
    }

    // NOTE(review): the remainder is stored as a hash without re-encoding; this relies on
    // Protector output being unforgeable by the submitter — confirm.
    return Details.fromHashedPassword(unprotected.substring(sessionPrefix.length()));
}
/**
 * Wraps an already hashed password in a {@link Details} instance.
 *
 * <p>The value is passed to the constructor exactly as given; no encoding or validation of the
 * hash format happens here, so callers must only pass values they trust to be real hashes.
 *
 * @param hashed the hashed password
 * @return the details holding {@code hashed}
 */
static Details fromHashedPassword(String hashed) {
    final Details wrapped = new Details(hashed);
    return wrapped;
}
/**
 * Builds the password {@link Details} from a submitted user configuration form.
 *
 * <p>The fields {@code user.password} and {@code user.password2} must match. A submitted value
 * that unprotects (via {@link Protector}) to the current session id, {@code ':'} and a remainder
 * is treated as an already hashed password; anything else is treated as plain text.
 *
 * @param req the form submission; dereferenced without a null check
 * @param formData the submitted JSON form data (not read by this method)
 * @return the details built from the submitted password
 * @throws FormException if the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    final String entered = Util.fixEmpty(req.getParameter("user.password"));
    final String repeated = Util.fixEmpty(req.getParameter("user.password2"));
    final boolean mismatch = !Util.fixNull(entered).equals(Util.fixNull(repeated));
    if (mismatch) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    // NOTE(review): no emptiness or strength check is visible here; if both fields are blank,
    // whatever Util.fixNull returns is encoded as the password — confirm that is intended.
    final String payload = Protector.unprotect(entered);
    if (payload == null) {
        return Details.fromPlainPassword(Util.fixNull(entered));
    }

    final String sessionTag = Stapler.getCurrentRequest().getSession().getId() + ':';
    return payload.startsWith(sessionTag)
            ? Details.fromHashedPassword(payload.substring(sessionTag.length()))
            : Details.fromPlainPassword(Util.fixNull(entered));
}
/**
 * Encodes a plain-text password with {@code PASSWORD_ENCODER} and wraps the result in a
 * {@link Details} instance.
 *
 * @param rawPassword the plain-text password
 * @return the details holding the encoded password
 */
static Details fromPlainPassword(String rawPassword) {
    // NOTE(review): the second argument is null; confirm that PASSWORD_ENCODER generates
    // and embeds its own salt rather than hashing unsalted.
    final String encoded = PASSWORD_ENCODER.encodePassword(rawPassword, null);
    return new Details(encoded);
}
/**
 * Builds the password {@link Details} from a submitted user configuration form.
 *
 * <p>The two password fields must be equal. If the submitted value unprotects (via
 * {@link Protector}) to a string beginning with the current session id and {@code ':'}, the
 * rest is kept as an already hashed password; otherwise the value is encoded as plain text.
 *
 * @param req the form submission; dereferenced without a null check
 * @param formData the submitted JSON form data (not read by this method)
 * @return the details built from the submitted password
 * @throws FormException if the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    final String first = Util.fixEmpty(req.getParameter("user.password"));
    final String second = Util.fixEmpty(req.getParameter("user.password2"));
    if (!Util.fixNull(first).equals(Util.fixNull(second))) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    final String decoded = Protector.unprotect(first);
    if (decoded != null) {
        // Binding to the session id means a protected value from another session is not
        // accepted as a hash; it falls through and is encoded as plain text instead.
        final String expectedPrefix = Stapler.getCurrentRequest().getSession().getId() + ':';
        final int hashStart = expectedPrefix.length();
        if (decoded.startsWith(expectedPrefix)) {
            return Details.fromHashedPassword(decoded.substring(hashStart));
        }
    }

    return Details.fromPlainPassword(Util.fixNull(first));
}
/**
 * Builds the password {@link Details} from a submitted user configuration form.
 *
 * <p>Rejects the submission when {@code user.password} and {@code user.password2} differ.
 * A value that unprotects (via {@link Protector}) to {@code <current session id>:<rest>} yields
 * details built from {@code <rest>} as a hash; every other value is encoded as plain text.
 *
 * @param req the form submission; dereferenced without a null check
 * @param formData the submitted JSON form data (not read by this method)
 * @return the details built from the submitted password
 * @throws FormException if the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    final String submitted = Util.fixEmpty(req.getParameter("user.password"));
    final String retyped = Util.fixEmpty(req.getParameter("user.password2"));

    final String left = Util.fixNull(submitted);
    final String right = Util.fixNull(retyped);
    if (!left.equals(right)) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    final String unwrapped = Protector.unprotect(submitted);
    if (unwrapped == null) {
        return Details.fromPlainPassword(Util.fixNull(submitted));
    }

    // The session is looked up only after the value unprotected successfully.
    final String prefix = Stapler.getCurrentRequest().getSession().getId() + ':';
    if (unwrapped.startsWith(prefix)) {
        // NOTE(review): the remainder is trusted as a hash; confirm that only the server
        // can produce a value Protector.unprotect accepts.
        return Details.fromHashedPassword(unwrapped.substring(prefix.length()));
    }
    return Details.fromPlainPassword(Util.fixNull(submitted));
}
/**
 * Creates {@link Details} from a password that is already hashed.
 *
 * <p>No hashing or format check is applied; the argument reaches the constructor unchanged.
 *
 * @param hashed the hashed password
 * @return the details holding {@code hashed}
 */
static Details fromHashedPassword(String hashed) {
    final Details result = new Details(hashed);
    return result;
}
/**
 * Factory for {@link Details} backed by a pre-computed password hash.
 *
 * <p>The hash is stored verbatim, so a plain-text value passed here by mistake would be kept
 * unhashed.
 *
 * @param hashed the hashed password
 * @return the details holding {@code hashed}
 */
static Details fromHashedPassword(String hashed) {
    final Details details = new Details(hashed);
    return details;
}
/**
 * Creates {@link Details} from a plain-text password by encoding it with
 * {@code PASSWORD_ENCODER} first.
 *
 * @param rawPassword the plain-text password
 * @return the details holding the encoded password
 */
static Details fromPlainPassword(String rawPassword) {
    // NOTE(review): a null salt is passed; verify the configured encoder salts internally.
    final String hash = PASSWORD_ENCODER.encodePassword(rawPassword, null);
    final Details details = new Details(hash);
    return details;
}
/**
 * Builds {@link Details} directly from a hashed password.
 *
 * <p>The constructor receives the argument as given; this method performs no encoding.
 *
 * @param hashed the hashed password
 * @return the details holding {@code hashed}
 */
static Details fromHashedPassword(String hashed) {
    final Details fromHash = new Details(hashed);
    return fromHash;
}
/**
 * Factory for {@link Details} from a plain-text password; the password is run through
 * {@code PASSWORD_ENCODER} and only the encoded form is handed to the constructor.
 *
 * @param rawPassword the plain-text password
 * @return the details holding the encoded password
 */
static Details fromPlainPassword(String rawPassword) {
    // NOTE(review): salt is null here — presumably the encoder supplies its own; confirm.
    final String encodedPassword = PASSWORD_ENCODER.encodePassword(rawPassword, null);
    return new Details(encodedPassword);
}
/**
 * Authenticates a user by loading the stored {@link Details} and checking the password.
 *
 * <p>On a wrong password the failure message is read from the
 * {@code org.acegisecurity.messages} bundle, falling back to {@code "Bad credentials"} when the
 * bundle or key is missing.
 *
 * @param username the user id to look up
 * @param password the password to verify
 * @return the details of the authenticated user
 * @throws AuthenticationException {@link BadCredentialsException} on a wrong password; anything
 *         thrown by {@code loadUserByUsername} propagates unchanged
 */
@Override
protected Details authenticate(String username, String password) throws AuthenticationException {
    // NOTE(review): the lookup runs before any password check, so a failed lookup and a wrong
    // password may differ in exception type and in time taken — confirm callers present a
    // uniform failure to the client.
    final Details account = loadUserByUsername(username);
    if (account.isPasswordCorrect(password)) {
        return account;
    }

    String failureText;
    try {
        failureText = ResourceBundle.getBundle("org.acegisecurity.messages")
                .getString("AbstractUserDetailsAuthenticationProvider.badCredentials");
    } catch (MissingResourceException missing) {
        failureText = "Bad credentials";
    }
    throw new BadCredentialsException(failureText);
}
/**
 * Builds the password {@link Details} from a submitted user configuration form.
 *
 * <p>Both password fields must hold the same value. When the value unprotects (via
 * {@link Protector}) to the current session id, {@code ':'} and a remainder, that remainder is
 * used as an existing hash; in every other case the value is encoded as a plain-text password.
 *
 * @param req the form submission; dereferenced without a null check
 * @param formData the submitted JSON form data (not read by this method)
 * @return the details built from the submitted password
 * @throws FormException if the two password fields differ
 */
@Override
public Details newInstance(StaplerRequest req, JSONObject formData) throws FormException {
    final String candidate = Util.fixEmpty(req.getParameter("user.password"));
    final String confirmation = Util.fixEmpty(req.getParameter("user.password2"));
    final boolean confirmed = Util.fixNull(candidate).equals(Util.fixNull(confirmation));
    if (!confirmed) {
        throw new FormException("Please confirm the password by typing it twice", "user.password2");
    }

    final String plainOfProtected = Protector.unprotect(candidate);
    if (plainOfProtected != null) {
        final String sessionPrefix = Stapler.getCurrentRequest().getSession().getId() + ':';
        if (plainOfProtected.startsWith(sessionPrefix)) {
            // Strip the session binding; what is left is kept as the stored hash.
            final String storedHash = plainOfProtected.substring(sessionPrefix.length());
            return Details.fromHashedPassword(storedHash);
        }
    }

    return Details.fromPlainPassword(Util.fixNull(candidate));
}
/**
 * Returns {@link Details} for a password whose hash is already known.
 *
 * <p>The argument is forwarded to the constructor untouched; nothing is hashed here.
 *
 * @param hashed the hashed password
 * @return the details holding {@code hashed}
 */
static Details fromHashedPassword(String hashed) {
    final Details hashedDetails = new Details(hashed);
    return hashedDetails;
}
/**
 * Returns {@link Details} for a plain-text password, storing only the output of
 * {@code PASSWORD_ENCODER.encodePassword}.
 *
 * @param rawPassword the plain-text password
 * @return the details holding the encoded password
 */
static Details fromPlainPassword(String rawPassword) {
    // NOTE(review): encodePassword is called with a null salt; confirm the encoder in use
    // does not depend on a caller-provided salt.
    final String stored = PASSWORD_ENCODER.encodePassword(rawPassword, null);
    final Details created = new Details(stored);
    return created;
}