Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15757

Disable\Delete "Remember me on this computer" check box in login screen

      As a security measure , we need to disable Disable\Delete "Remember me on this computer" check box in login screen.

      Can you inform how to achieve this ?

          [JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          changelog.html
          core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
          core/src/main/java/jenkins/model/Jenkins.java
          core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html
          core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
          core/src/main/resources/jenkins/model/Jenkins/login.jelly
          http://jenkins-ci.org/commit/jenkins/69ba2b8d6725b365734a1c96a71dcbae21bc3b1e
          Log:
          [FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen

          • Adds an option to the Global Security screen to hide the remember me checkbox
          • A crafty user could use their browser to re-insert the form field and thereby get Jenkins to set the
            remember_me cookie on their browser, but this option should cover the 99.9% case.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: changelog.html core/src/main/java/hudson/security/GlobalSecurityConfiguration.java core/src/main/java/jenkins/model/Jenkins.java core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy core/src/main/resources/jenkins/model/Jenkins/login.jelly http://jenkins-ci.org/commit/jenkins/69ba2b8d6725b365734a1c96a71dcbae21bc3b1e Log: [FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen Adds an option to the Global Security screen to hide the remember me checkbox A crafty user could use their browser to re-insert the form field and thereby get Jenkins to set the remember_me cookie on their browser, but this option should cover the 99.9% case.

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2902
          [FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen (Revision 69ba2b8d6725b365734a1c96a71dcbae21bc3b1e)

          Result = SUCCESS
          Stephen Connolly : 69ba2b8d6725b365734a1c96a71dcbae21bc3b1e
          Files :

          • changelog.html
          • core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
          • core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html
          • core/src/main/java/jenkins/model/Jenkins.java
          • core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
          • core/src/main/resources/jenkins/model/Jenkins/login.jelly

          dogfood added a comment - Integrated in jenkins_main_trunk #2902 [FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen (Revision 69ba2b8d6725b365734a1c96a71dcbae21bc3b1e) Result = SUCCESS Stephen Connolly : 69ba2b8d6725b365734a1c96a71dcbae21bc3b1e Files : changelog.html core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html core/src/main/java/jenkins/model/Jenkins.java core/src/main/java/hudson/security/GlobalSecurityConfiguration.java core/src/main/resources/jenkins/model/Jenkins/login.jelly

          Daniel Beck added a comment -

          Fix against crafty users covering the 0.1% case in PR 994.

          Daniel Beck added a comment - Fix against crafty users covering the 0.1% case in PR 994 .

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
          http://jenkins-ci.org/commit/jenkins/2d9dec951ecb91608ae1644e5c988e8e8734d4f0
          Log:
          JENKINS-15757 Ignore 'remember me' if disabled in configuration

          The previous implementation of 'disable remember me' just removes the
          checkbox from the UI. Users still can set the parameter using a web
          browser extension, or patch the login page using a Greasemonkey script
          and keep using the feature. And just after the feature is enabled, users
          still might be able to use it if they loaded the login page early.

          This change prevents that by checking the current configuration and, if
          'remember me' is disabled, ignoring any headers set.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java http://jenkins-ci.org/commit/jenkins/2d9dec951ecb91608ae1644e5c988e8e8734d4f0 Log: JENKINS-15757 Ignore 'remember me' if disabled in configuration The previous implementation of 'disable remember me' just removes the checkbox from the UI. Users still can set the parameter using a web browser extension, or patch the login page using a Greasemonkey script and keep using the feature. And just after the feature is enabled, users still might be able to use it if they loaded the login page early. This change prevents that by checking the current configuration and, if 'remember me' is disabled, ignoring any headers set.

          Code changed in jenkins
          User: Daniel Beck
          Path:
          test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          test/src/main/preset-data/secured-acegi/config.xml
          test/src/main/preset-data/secured-acegi/readme.txt
          test/src/main/preset-data/secured-acegi/users/alice/config.xml
          test/src/test/java/hudson/security/LoginTest.java
          http://jenkins-ci.org/commit/jenkins/9ed2ed5fd90de8930802090cb7d0ffd0f996620c
          Log:
          JENKINS-15757 Add tests

          A new test for the existing 'Remember me' functionality that verifies that
          the cookie is set, and a new test showing that, even if requested by the
          user, no cookie will be set, if 'Remember me' is disabled in the security
          configuration.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java test/src/main/preset-data/secured-acegi/config.xml test/src/main/preset-data/secured-acegi/readme.txt test/src/main/preset-data/secured-acegi/users/alice/config.xml test/src/test/java/hudson/security/LoginTest.java http://jenkins-ci.org/commit/jenkins/9ed2ed5fd90de8930802090cb7d0ffd0f996620c Log: JENKINS-15757 Add tests A new test for the existing 'Remember me' functionality that verifies that the cookie is set, and a new test showing that, even if requested by the user, no cookie will be set, if 'Remember me' is disabled in the security configuration.

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
          test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          test/src/main/preset-data/secured-acegi/config.xml
          test/src/main/preset-data/secured-acegi/readme.txt
          test/src/main/preset-data/secured-acegi/users/alice/config.xml
          test/src/test/java/hudson/security/LoginTest.java
          http://jenkins-ci.org/commit/jenkins/dec369e68eab3cfdcadf4c9660d174a1106e23a9
          Log:
          Merge pull request #994 from daniel-beck/dont-remember-me

          JENKINS-15757 Ignore 'remember me' if disabled in configuration

          Compare: https://github.com/jenkinsci/jenkins/compare/dfc2f57d191b...dec369e68eab

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java test/src/main/preset-data/secured-acegi/config.xml test/src/main/preset-data/secured-acegi/readme.txt test/src/main/preset-data/secured-acegi/users/alice/config.xml test/src/test/java/hudson/security/LoginTest.java http://jenkins-ci.org/commit/jenkins/dec369e68eab3cfdcadf4c9660d174a1106e23a9 Log: Merge pull request #994 from daniel-beck/dont-remember-me JENKINS-15757 Ignore 'remember me' if disabled in configuration Compare: https://github.com/jenkinsci/jenkins/compare/dfc2f57d191b...dec369e68eab

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3016
          JENKINS-15757 Ignore 'remember me' if disabled in configuration (Revision 2d9dec951ecb91608ae1644e5c988e8e8734d4f0)
          JENKINS-15757 Add tests (Revision 9ed2ed5fd90de8930802090cb7d0ffd0f996620c)

          Result = SUCCESS
          daniel-beck : 2d9dec951ecb91608ae1644e5c988e8e8734d4f0
          Files :

          • core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java

          daniel-beck : 9ed2ed5fd90de8930802090cb7d0ffd0f996620c
          Files :

          • test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          • test/src/main/preset-data/secured-acegi/readme.txt
          • test/src/test/java/hudson/security/LoginTest.java
          • test/src/main/preset-data/secured-acegi/config.xml
          • test/src/main/preset-data/secured-acegi/users/alice/config.xml

          dogfood added a comment - Integrated in jenkins_main_trunk #3016 JENKINS-15757 Ignore 'remember me' if disabled in configuration (Revision 2d9dec951ecb91608ae1644e5c988e8e8734d4f0) JENKINS-15757 Add tests (Revision 9ed2ed5fd90de8930802090cb7d0ffd0f996620c) Result = SUCCESS daniel-beck : 2d9dec951ecb91608ae1644e5c988e8e8734d4f0 Files : core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java daniel-beck : 9ed2ed5fd90de8930802090cb7d0ffd0f996620c Files : test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java test/src/main/preset-data/secured-acegi/readme.txt test/src/test/java/hudson/security/LoginTest.java test/src/main/preset-data/secured-acegi/config.xml test/src/main/preset-data/secured-acegi/users/alice/config.xml

          Code changed in jenkins
          User: Daniel Beck
          Path:
          test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          test/src/main/preset-data/secured-acegi/config.xml
          test/src/main/preset-data/secured-acegi/readme.txt
          test/src/main/preset-data/secured-acegi/users/alice/config.xml
          http://jenkins-ci.org/commit/jenkins-test-harness/5b0d293a4f41fea9b020fbe4636da5c5d825906e
          Log:
          JENKINS-15757 Add tests

          A new test for the existing 'Remember me' functionality that verifies that
          the cookie is set, and a new test showing that, even if requested by the
          user, no cookie will be set, if 'Remember me' is disabled in the security
          configuration.

          Originally-Committed-As: 9ed2ed5fd90de8930802090cb7d0ffd0f996620c

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java test/src/main/preset-data/secured-acegi/config.xml test/src/main/preset-data/secured-acegi/readme.txt test/src/main/preset-data/secured-acegi/users/alice/config.xml http://jenkins-ci.org/commit/jenkins-test-harness/5b0d293a4f41fea9b020fbe4636da5c5d825906e Log: JENKINS-15757 Add tests A new test for the existing 'Remember me' functionality that verifies that the cookie is set, and a new test showing that, even if requested by the user, no cookie will be set, if 'Remember me' is disabled in the security configuration. Originally-Committed-As: 9ed2ed5fd90de8930802090cb7d0ffd0f996620c

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          test/src/main/preset-data/secured-acegi/config.xml
          test/src/main/preset-data/secured-acegi/readme.txt
          test/src/main/preset-data/secured-acegi/users/alice/config.xml
          http://jenkins-ci.org/commit/jenkins-test-harness/81bffe21e593b7d7f835bde33d68739f12cbf2cc
          Log:
          Merge pull request #994 from daniel-beck/dont-remember-me

          JENKINS-15757 Ignore 'remember me' if disabled in configuration
          Originally-Committed-As: dec369e68eab3cfdcadf4c9660d174a1106e23a9

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java test/src/main/preset-data/secured-acegi/config.xml test/src/main/preset-data/secured-acegi/readme.txt test/src/main/preset-data/secured-acegi/users/alice/config.xml http://jenkins-ci.org/commit/jenkins-test-harness/81bffe21e593b7d7f835bde33d68739f12cbf2cc Log: Merge pull request #994 from daniel-beck/dont-remember-me JENKINS-15757 Ignore 'remember me' if disabled in configuration Originally-Committed-As: dec369e68eab3cfdcadf4c9660d174a1106e23a9

            Unassigned Unassigned
            sendilprakash prakash ganeshan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: