/**
 * Renames one API token of the user {@code u}.
 *
 * <p>The permission check runs before any request parameter is inspected, so a caller
 * without access learns nothing about which token identifiers exist. {@code @RequirePOST}
 * keeps the action from being triggered by a plain GET.
 *
 * @param u         the user whose token is renamed (resolved from the URL path)
 * @param tokenUuid identifier of the token to rename
 * @param newName   the new display name; must not be blank
 * @return a JSON error when the name is blank or the token is unknown, a 400 when the
 *         identifier is blank or the user has no {@code ApiTokenProperty}, otherwise OK
 * @throws IOException declared by the signature; {@code u.save()} is the call that persists the change
 */
@RequirePOST
public HttpResponse doRename(@AncestorInPath User u,
                             @QueryParameter String tokenUuid,
                             @QueryParameter String newName) throws IOException {
    // Per the original author's note: only the user themselves and administrators get past this line.
    u.checkPermission(Jenkins.ADMINISTER);

    if (StringUtils.isBlank(newName)) {
        return HttpResponses.errorJSON("The name cannot be empty");
    }
    if (StringUtils.isBlank(tokenUuid)) {
        // The web UI always sends an identifier, so this only guards hand-built requests.
        return HttpResponses.errorWithoutStack(400, "The tokenUuid cannot be empty");
    }

    ApiTokenProperty tokenProperty = u.getProperty(ApiTokenProperty.class);
    if (tokenProperty == null) {
        return HttpResponses.errorWithoutStack(400, "The user does not have any ApiToken yet, try generating one before.");
    }

    if (!tokenProperty.tokenStore.renameToken(tokenUuid, newName)) {
        // The token may have been removed from another page after this page was loaded.
        return HttpResponses.errorJSON("No token found, try refreshing the page");
    }

    u.save();
    return HttpResponses.ok();
}
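/**
 * Authorizes the web hook request and, when accepted, hands it to the job's GitLab trigger.
 *
 * <p>Two authorization paths exist:
 * <ul>
 *   <li>the trigger has no secret token configured: {@code checkPermission(Item.BUILD)} decides;</li>
 *   <li>the trigger has a secret token: the token held in {@code secretToken} must match it,
 *       otherwise the request is rejected with 401.</li>
 * </ul>
 *
 * <p>The token comparison uses {@code MessageDigest.isEqual} so that it does not stop at the
 * first differing byte; a short-circuiting string comparison would let response timing reveal
 * how much of a guessed token is correct.
 */
public void run() {
    GitLabPushTrigger trigger = GitLabPushTrigger.getFromJob((Job<?, ?>) project);
    if (trigger == null) {
        // No GitLab trigger on this job: nothing to authorize and nothing to dispatch.
        return;
    }

    String expectedToken = trigger.getSecretToken();
    if (StringUtils.isEmpty(expectedToken)) {
        // NOTE(review): with no secret token the only gate is checkPermission; confirm that
        // helper enforces a check in every configuration this endpoint is exposed in.
        checkPermission(Item.BUILD);
    } else if (secretToken == null
            || !java.security.MessageDigest.isEqual(
                    expectedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    secretToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // A missing token is rejected explicitly; isEqual is only reached with two non-null values.
        throw HttpResponses.errorWithoutStack(401, "Invalid token");
    }
    performOnPost(trigger);
}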
/**
 * Dispatches a pipeline hook to the project's GitLab trigger.
 *
 * <p>Projects that are not a {@code Job} are answered with 409. Otherwise the notifier runs
 * under {@code ACL.SYSTEM} and the method finishes by throwing the OK response.
 */
void execute() {
    if (project instanceof Job<?, ?>) {
        // Jenkins.getAuthentication() is evaluated here, before impersonation begins, so the
        // notifier receives the identity of the real caller rather than SYSTEM.
        TriggerNotifier notifier = new TriggerNotifier(project, secretToken, Jenkins.getAuthentication()) {
            @Override
            protected void performOnPost(GitLabPushTrigger trigger) {
                trigger.onPost(pipelineBuildHook);
            }
        };
        ACL.impersonate(ACL.SYSTEM, notifier);
        // The response is delivered by throwing it.
        throw HttpResponses.ok();
    }
    throw HttpResponses.errorWithoutStack(409, "Pipeline Hook is not supported for this project");
}
/**
 * Revokes one API token of the user {@code u}.
 *
 * <p>The permission check runs first. Unlike a rename, an identifier that matches no token
 * is not reported as an error: the user is saved and OK is returned either way.
 *
 * @param u         the user whose token is revoked (resolved from the URL path)
 * @param tokenUuid identifier of the token to revoke
 * @return a 400 when the identifier is blank or the user has no {@code ApiTokenProperty},
 *         otherwise OK
 * @throws IOException declared by the signature; {@code u.save()} is the call that persists the change
 */
@RequirePOST
public HttpResponse doRevoke(@AncestorInPath User u, @QueryParameter String tokenUuid) throws IOException {
    // Per the original author's note: only the user themselves and administrators get past this line.
    u.checkPermission(Jenkins.ADMINISTER);

    if (StringUtils.isBlank(tokenUuid)) {
        // The web UI always sends an identifier, so this only guards hand-built requests.
        return HttpResponses.errorWithoutStack(400, "The tokenUuid cannot be empty");
    }

    ApiTokenProperty tokenProperty = u.getProperty(ApiTokenProperty.class);
    if (tokenProperty == null) {
        return HttpResponses.errorWithoutStack(400, "The user does not have any ApiToken yet, try generating one before.");
    }

    ApiTokenStore.HashedToken revokedToken = tokenProperty.tokenStore.revokeToken(tokenUuid);
    boolean tokenWasRevoked = revokedToken != null;
    if (tokenWasRevoked && revokedToken.isLegacy()) {
        // Revoking the legacy token also clears the legacy value kept on the property.
        tokenProperty.apiToken = null;
    }
    if (tokenWasRevoked) {
        // Drop the usage statistics recorded for the revoked token.
        tokenProperty.tokenStats.removeId(revokedToken.getUuid());
    }

    u.save();
    return HttpResponses.ok();
}
}
/**
 * Dispatches a merge request hook to the project's GitLab trigger.
 *
 * <p>Projects that are not a {@code Job} are answered with 409. Otherwise the notifier runs
 * under {@code ACL.SYSTEM} and the method finishes by throwing the OK response.
 */
public void execute() {
    boolean supportedProject = project instanceof Job<?, ?>;
    if (!supportedProject) {
        throw HttpResponses.errorWithoutStack(409, "Merge Request Hook is not supported for this project");
    }

    // The caller's authentication is read while building the notifier, i.e. before the
    // switch to SYSTEM, so it still describes whoever sent the request.
    TriggerNotifier mergeRequestNotifier = new TriggerNotifier(project, secretToken, Jenkins.getAuthentication()) {
        @Override
        protected void performOnPost(GitLabPushTrigger trigger) {
            trigger.onPost(mergeRequestHook);
        }
    };
    ACL.impersonate(ACL.SYSTEM, mergeRequestNotifier);

    // The response is delivered by throwing it.
    throw HttpResponses.ok();
}
}
/**
 * Dispatches a note (comment) hook to the project's GitLab trigger.
 *
 * <p>Projects that are not a {@code Job} are answered with 409. Otherwise the notifier runs
 * under {@code ACL.SYSTEM} and the method finishes by throwing the OK response.
 *
 * @param response not read by this method; the outcome is signalled by the thrown response
 */
public void execute(StaplerResponse response) {
    if (project instanceof Job<?, ?>) {
        // Built before impersonation starts, so Jenkins.getAuthentication() still returns
        // the identity of the request's sender and not SYSTEM.
        BuildWebHookAction.TriggerNotifier noteNotifier =
                new BuildWebHookAction.TriggerNotifier(project, secretToken, Jenkins.getAuthentication()) {
                    @Override
                    protected void performOnPost(GitLabPushTrigger trigger) {
                        trigger.onPost(noteHook);
                    }
                };
        ACL.impersonate(ACL.SYSTEM, noteNotifier);
        throw HttpResponses.ok();
    }
    throw HttpResponses.errorWithoutStack(409, "Note Hook is not supported for this project");
}
}
/**
 * Rejects the request with 403 when the stored {@code authentication} lacks {@code permission}.
 *
 * <p>The check is only made when the global GitLab connection configuration has
 * "use authenticated endpoint" switched on; with the setting off this method returns
 * without checking anything.
 *
 * @param permission the permission the caller must hold
 */
private void checkPermission(Permission permission) {
    GitLabConnectionConfig connectionConfig =
            (GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class);
    if (!connectionConfig.isUseAuthenticatedEndpoint()) {
        // Authenticated endpoint disabled: no permission is enforced on this path.
        return;
    }
    if (Jenkins.getActiveInstance().getACL().hasPermission(authentication, permission)) {
        return;
    }

    String deniedMessage = Messages.AccessDeniedException2_MissingPermission(
            authentication.getName(), permission.group.title + "/" + permission.name);
    // NOTE(review): the denial is logged at FINEST only, so it is invisible at default log
    // levels; consider a level that lets repeated rejected hook calls be noticed.
    LOGGER.finest("Unauthorized (Did you forget to add API Token to the web hook ?)");
    throw HttpResponses.errorWithoutStack(403, deniedMessage);
}
/**
 * Dispatches a push hook either to a job's GitLab trigger or to an SCM source owner.
 *
 * <p>A hook whose repository is present but carries no URL is dropped with a warning and
 * no response is thrown. A {@code Job} takes precedence over an {@code SCMSourceOwner};
 * any other project type is answered with 409. Both supported paths run under
 * {@code ACL.SYSTEM} and end by throwing the OK response.
 */
public void execute() {
    boolean repositoryWithoutUrl =
            pushHook.getRepository() != null && pushHook.getRepository().getUrl() == null;
    if (repositoryWithoutUrl) {
        LOGGER.log(Level.WARNING, "No repository url found.");
        return;
    }

    boolean isJob = project instanceof Job<?, ?>;
    if (!isJob && !(project instanceof SCMSourceOwner)) {
        throw HttpResponses.errorWithoutStack(409, "Push Hook is not supported for this project");
    }

    if (isJob) {
        // Built before impersonation starts, so the notifier is given the real caller's
        // authentication together with the secret token.
        TriggerNotifier jobNotifier = new TriggerNotifier(project, secretToken, Jenkins.getAuthentication()) {
            @Override
            protected void performOnPost(GitLabPushTrigger trigger) {
                trigger.onPost(pushHook);
            }
        };
        ACL.impersonate(ACL.SYSTEM, jobNotifier);
    } else {
        // NOTE(review): neither the secret token nor the caller's authentication is passed
        // on this path; confirm SCMSourceOwnerNotifier authorizes the request itself.
        ACL.impersonate(ACL.SYSTEM, new SCMSourceOwnerNotifier());
    }
    throw HttpResponses.ok();
}
/**
 * Refuses the "disable" action for this item.
 *
 * @return always a 405 response carrying the localized "disable not allowed" message,
 *         rendered without a stack trace
 */
@Override
public final HttpResponse doDisable() throws IOException, ServletException {
    String notAllowedMessage = Messages.MatrixConfiguration_DisableNotAllowed();
    return HttpResponses.errorWithoutStack(405, notAllowedMessage);
}
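/**
 * Completes the login after the identity provider has returned an authorization code.
 *
 * <p>The code is exchanged for a token response, the ID token is decoded, the configured
 * user name field is read from its payload, and the token field check is applied before
 * the credential is stored and the user is logged in.
 *
 * @param authorizationCode the code received on the OAuth redirect
 * @return a redirect to {@code redirectOnFinish} on success; 500 when the user name field
 *         is missing or the token exchange fails; 401 when the token field check fails
 */
@Override
public HttpResponse onSuccess(String authorizationCode) {
    try {
        IdTokenResponse response = IdTokenResponse.execute(
                flow.newTokenRequest(authorizationCode).setRedirectUri(buildOAuthRedirectUrl()));

        // NOTE(review): parse() only decodes the token. No signature, issuer, audience or
        // nonce validation is visible in this method; confirm it happens elsewhere.
        IdToken idToken = IdToken.parse(JSON_FACTORY, response.getIdToken());

        Object username = idToken.getPayload().get(userNameField);
        if (username == null) {
            // Message typo fixed ("suppied" -> "supplied").
            return HttpResponses.error(500, "no field '" + userNameField
                    + "' was supplied in the token payload to be used as the username");
        }

        // Reject before any credential is stored or any session state is set.
        if (failedCheckOfTokenField(idToken)) {
            return HttpResponses.errorWithoutStack(401, "Unauthorized");
        }

        flow.createAndStoreCredential(response, null);
        loginAndSetUserData(
                username.toString(),
                new GrantedAuthority[] { SecurityRealm.AUTHENTICATED_AUTHORITY },
                idToken);
        return new HttpRedirect(redirectOnFinish);
    } catch (IOException e) {
        // NOTE(review): error(500, e) hands the exception itself to the response, which is
        // expected to expose its stack trace to a not-yet-authenticated browser; consider
        // logging it server-side and answering with errorWithoutStack instead.
        return HttpResponses.error(500, e);
    }
}
}.doCommenceLogin();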