/**
 * Stapler endpoint that replaces the stored description with the submitted one.
 *
 * <p>The handler is annotated {@code @RequirePOST} and calls
 * {@code checkPermission(Jenkins.ADMINISTER)} before any state is modified.
 *
 * @param req request carrying the {@code description} parameter
 * @param rsp response used to redirect the browser back to the top page
 * @throws IOException propagated from the calls made below
 */
@RequirePOST
public void doSubmitDescription(StaplerRequest req, StaplerResponse rsp) throws IOException {
    // Authorise first: nothing below runs for a caller that fails this check.
    checkPermission(Jenkins.ADMINISTER);

    // The parameter is stored exactly as received (possibly null when it is absent).
    // NOTE(review): no sanitising happens here, so escaping/formatting has to be done by
    // whatever renders the description -- confirm on the view side.
    final String submitted = req.getParameter("description");
    description = submitted;
    save();

    // go to the top page
    rsp.sendRedirect(".");
}
/**
 * Only usable if the user still has the legacy API token.
 *
 * <p>Checks {@code Jenkins.ADMINISTER} on the owning user, logs the deprecated usage at
 * {@code FINE}, regenerates the legacy token, removes the statistics entry of the token that
 * was replaced (when there was one) and saves the user.
 *
 * @throws IOException propagated from the calls made below
 * @deprecated Each token can be revoked now and new tokens can be requested without altering existing ones.
 */
@Deprecated
public void changeApiToken() throws IOException {
    // just to keep the same level of security
    user.checkPermission(Jenkins.ADMINISTER);
    LOGGER.log(Level.FINE, "Deprecated usage of changeApiToken");

    // Capture the legacy token before it is replaced, so its statistics can be dropped afterwards.
    final ApiTokenStore.HashedToken previousLegacy = tokenStore.getLegacyToken();

    _changeApiToken();
    tokenStore.regenerateTokenFromLegacy(apiToken);

    if (previousLegacy != null) {
        tokenStats.removeId(previousLegacy.getUuid());
    }
    user.save();
}
/**
 * Renames one of the user's API tokens.
 *
 * <p>POST-only ({@code @RequirePOST}). The permission check on {@code u} runs before any
 * parameter is inspected, so a caller that fails it gets no validation feedback.
 *
 * @param u the user owning the token, resolved from the request path
 * @param tokenUuid identifier of the token to rename
 * @param newName the new display name; rejected when blank
 * @return an error response for blank input, a missing property or an unknown token,
 *         otherwise {@code HttpResponses.ok()}
 * @throws IOException propagated from the calls made below
 */
@RequirePOST
public HttpResponse doRename(@AncestorInPath User u,
                             @QueryParameter String tokenUuid,
                             @QueryParameter String newName) throws IOException {
    // only current user + administrator can rename token
    u.checkPermission(Jenkins.ADMINISTER);

    // NOTE(review): beyond this blank check the name is passed on as given; escaping is
    // presumably left to the view that displays it -- confirm.
    if (StringUtils.isBlank(newName)) {
        return HttpResponses.errorJSON("The name cannot be empty");
    }
    if (StringUtils.isBlank(tokenUuid)) {
        // using the web UI this should not occur
        return HttpResponses.errorWithoutStack(400, "The tokenUuid cannot be empty");
    }

    final ApiTokenProperty tokenProperty = u.getProperty(ApiTokenProperty.class);
    if (tokenProperty == null) {
        return HttpResponses.errorWithoutStack(400, "The user does not have any ApiToken yet, try generating one before.");
    }

    if (!tokenProperty.tokenStore.renameToken(tokenUuid, newName)) {
        // that could potentially happen if the token is removed from another page
        // between your page loaded and your action
        return HttpResponses.errorJSON("No token found, try refreshing the page");
    }

    u.save();
    return HttpResponses.ok();
}
// Authorisation gate: calls checkPermission with Jenkins.ADMINISTER. The enclosing method and
// the checkPermission implementation are outside this excerpt, so what a failed check does
// (presumably an access-denied exception) must be confirmed there.
checkPermission(Jenkins.ADMINISTER);
/**
 * Renews the user's seed and invalidates the last-granted-authorities record, if any.
 *
 * <p>POST-only ({@code @RequirePOST}). The permission check comes before the
 * {@code DISABLE_USER_SEED} test, so a caller that fails it is rejected before the
 * "feature disabled" response could be returned.
 *
 * @param u the user whose seed is renewed, resolved from the request path
 * @return a 404 error response when the feature is disabled, otherwise {@code HttpResponses.ok()}
 * @throws IOException propagated from the calls made below
 */
@RequirePOST
public synchronized HttpResponse doRenewSessionSeed(@AncestorInPath @Nonnull User u) throws IOException {
    u.checkPermission(Jenkins.ADMINISTER);

    if (DISABLE_USER_SEED) {
        return HttpResponses.error(404, "User seed feature is disabled");
    }

    // Both changes go through one BulkChange and are committed together at the end.
    try (BulkChange bc = new BulkChange(u)) {
        // NOTE(review): dereferenced without a null check, unlike the lookup just below --
        // confirm a UserSeedProperty is always present on a user.
        final UserSeedProperty seedProperty = u.getProperty(UserSeedProperty.class);
        seedProperty.renewSeed();

        final LastGrantedAuthoritiesProperty grantedAuthorities =
                u.getProperty(LastGrantedAuthoritiesProperty.class);
        if (grantedAuthorities != null) {
            grantedAuthorities.invalidate();
        }

        bc.commit();
    }

    return HttpResponses.ok();
}
/**
 * Revokes one of the user's API tokens.
 *
 * <p>POST-only ({@code @RequirePOST}); the permission check on {@code u} runs before the
 * parameter is inspected. A UUID that matches no token is not treated as an error: the user is
 * still saved and {@code HttpResponses.ok()} is returned.
 *
 * @param u the user owning the token, resolved from the request path
 * @param tokenUuid identifier of the token to revoke
 * @return a 400 error response for a blank UUID or a missing property, otherwise
 *         {@code HttpResponses.ok()}
 * @throws IOException propagated from the calls made below
 */
@RequirePOST
public HttpResponse doRevoke(@AncestorInPath User u,
                             @QueryParameter String tokenUuid) throws IOException {
    // only current user + administrator can revoke token
    u.checkPermission(Jenkins.ADMINISTER);

    if (StringUtils.isBlank(tokenUuid)) {
        // using the web UI this should not occur
        return HttpResponses.errorWithoutStack(400, "The tokenUuid cannot be empty");
    }

    final ApiTokenProperty tokenProperty = u.getProperty(ApiTokenProperty.class);
    if (tokenProperty == null) {
        return HttpResponses.errorWithoutStack(400, "The user does not have any ApiToken yet, try generating one before.");
    }

    final ApiTokenStore.HashedToken revoked = tokenProperty.tokenStore.revokeToken(tokenUuid);
    if (revoked != null) {
        if (revoked.isLegacy()) {
            // if the user revoked the API Token, we can delete it
            tokenProperty.apiToken = null;
        }
        // Drop the usage statistics kept for the revoked token.
        tokenProperty.tokenStats.removeId(revoked.getUuid());
    }

    u.save();
    return HttpResponses.ok();
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Deletes this user from Hudson.
 *
 * <p>POST-only ({@code @RequirePOST}) and gated by {@code checkPermission(Jenkins.ADMINISTER)}.
 * A request that targets the caller's own account is refused with a 400 response; the
 * comparison is delegated to {@code idStrategy()}.
 *
 * @param req the current request (not read by this method)
 * @param rsp response used for the error or the redirect
 * @throws IOException propagated from the calls made below
 */
@RequirePOST
public void doDoDelete(StaplerRequest req, StaplerResponse rsp) throws IOException {
    checkPermission(Jenkins.ADMINISTER);

    // Self-deletion guard: compare this user's id with the authenticated caller's name.
    final boolean deletingSelf = idStrategy().equals(id, Jenkins.getAuthentication().getName());
    if (deletingSelf) {
        rsp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Cannot delete self");
        return;
    }

    delete();
    rsp.sendRedirect2("../..");
}
/**
 * Legacy endpoint that (re)generates the user's legacy API token.
 *
 * <p>POST-only ({@code @RequirePOST}); the permission check on {@code u} runs first. When
 * {@code mustDisplayLegacyApiToken(u)} is false the request is answered with the
 * "capability not allowed" message and nothing is changed.
 *
 * @param u the user whose token is changed, resolved from the request path
 * @param rsp response on which the {@code script} header is set
 * @return an HTML response carrying the outcome message
 * @throws IOException propagated from the calls made below
 * @deprecated use {@link #doGenerateNewToken(User, String)} instead
 */
@Deprecated
@RequirePOST
public HttpResponse doChangeToken(@AncestorInPath User u, StaplerResponse rsp) throws IOException {
    // you are the user or you have ADMINISTER permission
    u.checkPermission(Jenkins.ADMINISTER);

    LOGGER.log(Level.FINE, "Deprecated action /changeToken used, consider using /generateNewToken instead");

    if (!mustDisplayLegacyApiToken(u)) {
        // user does not have legacy token and the capability to create one without an existing one is disabled
        return HttpResponses.html(Messages.ApiTokenProperty_ChangeToken_CapabilityNotAllowed());
    }

    ApiTokenProperty tokenProperty = u.getProperty(ApiTokenProperty.class);
    if (tokenProperty != null) {
        // even if the user does not have legacy token, this method let some legacy system to regenerate one
        tokenProperty.changeApiToken();
    } else {
        tokenProperty = forceNewInstance(u, true);
        tokenProperty.setUser(u);
        u.addProperty(tokenProperty);
    }

    // NOTE(review): the value of getApiToken() is concatenated into a script fragment and sent
    // as a response header whether or not hasPermissionToSeeToken() holds. Confirm that
    // getApiToken() itself withholds the real token from callers who may not see it, and that
    // the value can never contain a quote character.
    rsp.setHeader("script", "document.getElementById('apiToken').value='" + tokenProperty.getApiToken() + "'");

    return HttpResponses.html(tokenProperty.hasPermissionToSeeToken()
            ? Messages.ApiTokenProperty_ChangeToken_Success()
            : Messages.ApiTokenProperty_ChangeToken_SuccessHidden());
}
/**
 * Returns the DTO for the named user.
 *
 * <p>The READ permission is checked on the looked-up user, i.e. after the lookup and after the
 * user's ID has been written to the debug log.
 *
 * @param userName name taken from the request path; must not be null
 * @return the converted user
 */
@GET
@Path("{userName}")
public UserDTO getUser(final @PathParam("userName") String userName) {
    checkNotNull(userName);
    log.debug("Getting user: {}", userName);

    // NOTE(review): the result is dereferenced straight away; how an unknown name is reported
    // by securityService.getUser (null or exception) is not visible here. Confirm that an
    // unauthorised caller cannot tell "no such user" from "access denied".
    final User found = securityService.getUser(userName);
    log.debug("Getting user with ID: {}", found.getId());

    // Authorisation is evaluated per user object, so it can only run once the user is loaded.
    found.checkPermission(Permission.READ);

    return userx.convert(found);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Changes the API token and saves the owning user.
 *
 * <p>The {@code Jenkins.ADMINISTER} check on {@code user} runs first, so neither the token
 * change nor the save is reached when it fails.
 *
 * @throws IOException propagated from the calls made below
 */
public void changeApiToken() throws IOException {
    // Authorisation gate, evaluated against the user that owns this property.
    user.checkPermission(Jenkins.ADMINISTER);
    // Presumably replaces the stored token; the helper's body is not part of this excerpt.
    _changeApiToken();
    // Persist the change.
    user.save();
}
/**
 * Helper method to check the specified permission.
 *
 * <p>Access is limited to the owning user: when {@code user} is not the user returned by
 * {@code User.current()}, the call is refused with an {@code AccessDeniedException2} without
 * consulting the permission at all. Only for the owning user is {@code p} actually checked.
 *
 * @param p the permission to check.
 */
private void checkPermission(Permission p) {
    // Deny by default: anyone other than the owning user is rejected outright.
    if (!user.equals(User.current())) {
        throw new AccessDeniedException2(Jenkins.getAuthentication(), p);
    }
    user.checkPermission(p);
}
/**
 * Helper method to check the specified permission.
 *
 * <p>Only the owning user can pass: if {@code user} differs from {@code User.current()} an
 * {@code AccessDeniedException2} is thrown and {@code p} is never evaluated; otherwise the
 * decision is delegated to {@code user.checkPermission(p)}.
 *
 * @param p the permission to check.
 */
private void checkPermission(Permission p) {
    final boolean callerIsOwner = user.equals(User.current());
    if (!callerIsOwner) {
        // Reject every other caller before looking at the permission.
        throw new AccessDeniedException2(Jenkins.getAuthentication(), p);
    }
    user.checkPermission(p);
}
/**
 * Accepts the new description.
 *
 * <p>Calls {@code checkPermission(Hudson.ADMINISTER)} before touching any state, then stores
 * the submitted value, saves and redirects to the top page.
 *
 * <p>NOTE(review): nothing in this method restricts the HTTP method. For a state-changing
 * endpoint, confirm that POST is enforced elsewhere so the action is covered by CSRF protection.
 *
 * @param req request carrying the {@code description} parameter
 * @param rsp response used for the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
public synchronized void doSubmitDescription(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    checkPermission(Hudson.ADMINISTER);

    // Stored exactly as received; any escaping has to happen where the value is rendered.
    final String submitted = req.getParameter("description");
    description = submitted;
    save();

    // go to the top page
    rsp.sendRedirect(".");
}
/**
 * Accepts the new description.
 *
 * <p>The {@code Hudson.ADMINISTER} check is the first statement, so an unauthorised request
 * changes nothing.
 *
 * <p>NOTE(review): the HTTP method is not restricted in this method. Confirm that POST is
 * required somewhere for this state-changing action (CSRF protection).
 *
 * @param req request carrying the {@code description} parameter
 * @param rsp response used for the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
public synchronized void doSubmitDescription(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    checkPermission(Hudson.ADMINISTER);

    // The raw parameter value becomes the description; it is not sanitised here.
    final String newDescription = req.getParameter("description");
    description = newDescription;
    save();

    // go to the top page
    rsp.sendRedirect(".");
}
/**
 * Accepts the new description.
 *
 * <p>Authorisation ({@code Hudson.ADMINISTER}) is checked before the description is replaced
 * and saved; the browser is then redirected to the top page.
 *
 * <p>NOTE(review): no HTTP-method restriction is visible on this handler. Confirm POST is
 * enforced for it, since it changes state.
 *
 * @param req request carrying the {@code description} parameter
 * @param rsp response used for the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
public synchronized void doSubmitDescription(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    checkPermission(Hudson.ADMINISTER);

    // Taken verbatim from the request; output encoding is left to the rendering side.
    final String requested = req.getParameter("description");
    description = requested;
    save();

    // go to the top page
    rsp.sendRedirect(".");
}
/**
 * Accepts the new description.
 *
 * <p>Runs {@code checkPermission(Hudson.ADMINISTER)} first; only then is the description
 * overwritten with the request parameter and saved.
 *
 * <p>NOTE(review): this handler does not itself require POST. Confirm the restriction exists
 * elsewhere so that the state change cannot be triggered by a cross-site GET.
 *
 * @param req request carrying the {@code description} parameter
 * @param rsp response used for the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
public synchronized void doSubmitDescription(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    checkPermission(Hudson.ADMINISTER);

    // Unmodified request value; nothing is escaped or validated at this point.
    final String value = req.getParameter("description");
    description = value;
    save();

    // go to the top page
    rsp.sendRedirect(".");
}
/**
 * Deletes this user from Hudson.
 *
 * <p>{@code requirePOST()} and {@code checkPermission(Hudson.ADMINISTER)} run, in that order,
 * before anything else. A request that targets the caller's own account is answered with a
 * 400 error instead of deleting.
 *
 * @param req the current request (not read by this method)
 * @param rsp response used for the error or the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
public void doDoDelete(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
    requirePOST();
    checkPermission(Hudson.ADMINISTER);

    // NOTE(review): plain String equality. If the security realm treats user ids
    // case-insensitively, this self-deletion guard may not match -- confirm.
    final boolean deletingSelf = id.equals(Hudson.getAuthentication().getName());
    if (deletingSelf) {
        rsp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Cannot delete self");
        return;
    }

    delete();
    rsp.sendRedirect2("../..");
}
/**
 * Accepts the new description.
 *
 * <p>POST-only ({@code @RequirePOST}) and gated by {@code checkPermission(Jenkins.ADMINISTER)},
 * which runs before the description is replaced and saved.
 *
 * @param req request carrying the {@code description} parameter
 * @param rsp response used for the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
@RequirePOST
public synchronized void doSubmitDescription(StaplerRequest req, StaplerResponse rsp)
        throws IOException, ServletException {
    checkPermission(Jenkins.ADMINISTER);

    // Stored as received. NOTE(review): escaping is presumably done when the description is
    // rendered -- confirm on the view side.
    final String submitted = req.getParameter("description");
    description = submitted;
    save();

    // go to the top page
    rsp.sendRedirect(".");
}
/**
 * Deletes this user from Hudson.
 *
 * <p>The method first calls {@code requirePOST()}, then {@code checkPermission(Hudson.ADMINISTER)}.
 * Deleting the account the caller is authenticated as is refused with a 400 error.
 *
 * @param req the current request (not read by this method)
 * @param rsp response used for the error or the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
public void doDoDelete(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
    requirePOST();
    checkPermission(Hudson.ADMINISTER);

    // NOTE(review): exact, case-sensitive comparison of ids. Confirm it agrees with how the
    // security realm compares user ids, otherwise the guard can miss the caller's own account.
    final boolean targetsCaller = id.equals(Hudson.getAuthentication().getName());
    if (targetsCaller) {
        rsp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Cannot delete self");
        return;
    }

    delete();
    rsp.sendRedirect2("../..");
}
/**
 * Deletes this user from Hudson.
 *
 * <p>POST-only ({@code @RequirePOST}); {@code checkPermission(Jenkins.ADMINISTER)} is the first
 * statement. The self-deletion guard compares ids through {@code idStrategy()} rather than with
 * plain String equality.
 *
 * @param req the current request (not read by this method)
 * @param rsp response used for the error or the redirect
 * @throws IOException propagated from the calls made below
 * @throws ServletException declared by the signature
 */
@RequirePOST
public void doDoDelete(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
    checkPermission(Jenkins.ADMINISTER);

    // Refuse to delete the account the caller is currently authenticated as.
    final boolean targetsCaller = idStrategy().equals(id, Jenkins.getAuthentication().getName());
    if (targetsCaller) {
        rsp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Cannot delete self");
        return;
    }

    delete();
    rsp.sendRedirect2("../..");
}