JENKINS-42470

ModelConverterAction should use CrumbExclusionFilter


      Description

      https://github.com/jenkinsci/pipeline-model-definition-plugin/wiki/Validating-(or-linting)-a-Declarative-Jenkinsfile-from-the-command-line#how-to-use tells you to get a crumb from Jenkins, which makes REST-based access very awkward. This is only needed because we are accepting POST requests, which is only needed because we are sending content. But the action has no side effects so there is no actual need for a crumb. You should implement CrumbExclusionFilter to simplify usage.

      I would also suggest that doValidate should just stream from its body rather than require a form field, but I guess this would be an incompatible change.

            Activity

            jglick Jesse Glick added a comment -

            BTW why is this documentation not on jenkins.io?

            jglick Jesse Glick added a comment -

            Also it checks Permission.READ. That is wrong; you should not use these generic permissions, as they are not managed by authorization strategies. Rather use Jenkins.READ.

            abayer Andrew Bayer added a comment -

            Got an example of CrumbExclusionFilter I can look at?

            abayer Andrew Bayer added a comment -

            Ah, it's CrumbExclusion and I found one in github-plugin.

            abayer Andrew Bayer added a comment -

            PR up at https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/129
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Andrew Bayer
            Path:
            pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterAction.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/WhenStageTest.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ErrorsEndpointOpsTest.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterActionStepsTest.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterActionTest.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/SuccessfulEndpointOpsTest.java
            http://jenkins-ci.org/commit/pipeline-model-definition-plugin/3671e8dba6a7f12bdcb4f50440e3cd4b7a3fbab6
            Log:
            [FIXED JENKINS-42470] Use CrumbExclusion and Jenkins.READ perms
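
            A sketch of the kind of CrumbExclusion the thread asks for, added here as an example and not the code from the linked commit or from github-plugin. The class name and the `/example-linter/validate` path are hypothetical placeholders, and the `javax.servlet` imports assume a Jenkins core of that era.

```java
import hudson.Extension;
import hudson.security.csrf.CrumbExclusion;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example: exempts one side-effect-free POST endpoint from the
 * CSRF crumb check. Only crumb validation is skipped; authorization
 * (the Jenkins.READ check discussed in the comments) still has to be
 * enforced by the endpoint itself.
 */
@Extension
public class ValidateCrumbExclusion extends CrumbExclusion {

    // Hypothetical placeholder path, relative to the Jenkins context root.
    // It is not the plugin's real URL.
    private static final String EXCLUDED_PATH = "/example-linter/validate";

    @Override
    public boolean process(HttpServletRequest request,
                           HttpServletResponse response,
                           FilterChain chain)
            throws IOException, ServletException {
        String pathInfo = request.getPathInfo();

        // Exact match only: a prefix or substring match would also exempt
        // sibling endpoints under the same action that may change state.
        if (pathInfo == null || !pathInfo.equals(EXCLUDED_PATH)) {
            // Not our endpoint: returning false lets the crumb filter
            // validate the request as usual.
            return false;
        }

        // Pass the request down the chain without crumb validation.
        chain.doFilter(request, response);

        // true tells the crumb filter the request has been handled.
        return true;
    }
}
```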


              People

              • Assignee:
                abayer Andrew Bayer
                Reporter:
                jglick Jesse Glick