Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47426

ClientAuthenticationCache#getPropertyKey not consistent when rootUrl is not set

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: cli
    • Labels:
      None
    • Similar Issues:

      Description

      Given an instance of Jenkins where the rootUrl is not configured (dev instance, etc.), the ClientAuthenticationCache is not working as expected.

      Normally it's responsible to store the authentications between login and logout command from the CLI. To avoid conflict between multiple instances of Jenkins, there is a propertyKey that is computed using the rootUrl. In the case there is no rootUrl, the propertyKey is computed using the following fallback : `Secret.fromString("key").getEncryptedValue()`.

      The problem is that the IV of that new Secret is not set and so the getEncryptedValue will return a new value for each call to getPropertyKey(). So when we want to store the authentication we compute a propertyKey and then when we try to retrieve the information we compute new propertyKey at each time. Due to that behavior, the login CLI command does not work as expected when the rootUrl is not set.

      Having the "rootUrl not set" will generate a warning when the AdminMonitor from JENKINS-31661 will be implemented.

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            Recommend just closing as will not fix, since this class is used only in Remoting mode, which is long deprecated (and you should have a rootUrl set anyway).

            FWIW, reproducible as

            diff --git a/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java b/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java
            index 7f347c3974..cd782f8f48 100644
            --- a/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java
            +++ b/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java
            @@ -113,6 +113,7 @@ public class ClientAuthenticationCacheTest {
                     JenkinsLocationConfiguration.get().setUrl(null);
                     String key = cache.getPropertyKey();
                     assertTrue(key, Secret.decrypt(key) != null);
            +        assertEquals(key, cache.getPropertyKey());
                 }
             
                 private void assertCLI(int code, @CheckForNull String output, File jar, String... args) throws Exception {
            
            Show
            jglick Jesse Glick added a comment - Recommend just closing as will not fix, since this class is used only in Remoting mode, which is long deprecated (and you should have a rootUrl set anyway). FWIW, reproducible as diff --git a/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java b/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java index 7f347c3974..cd782f8f48 100644 --- a/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java +++ b/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java @@ -113,6 +113,7 @@ public class ClientAuthenticationCacheTest { JenkinsLocationConfiguration.get().setUrl( null ); String key = cache.getPropertyKey(); assertTrue(key, Secret.decrypt(key) != null ); + assertEquals(key, cache.getPropertyKey()); } private void assertCLI( int code, @CheckForNull String output, File jar, String ... args) throws Exception {
            Hide
            wfollonier Wadeck Follonier added a comment - - edited

            Jesse Glick as I saw your comment only now, you can find the quick fix on #3080

            Show
            wfollonier Wadeck Follonier added a comment - - edited Jesse Glick as I saw your comment only now, you can find the quick fix on  #3080

              People

              • Assignee:
                wfollonier Wadeck Follonier
                Reporter:
                wfollonier Wadeck Follonier
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: