
Disable\Delete "Remember me on this computer" check box in login screen

      As a security measure, we need to Disable\Delete the "Remember me on this computer" check box in the login screen.

      Can you inform how to achieve this?

          [JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen

          prakash ganeshan created issue -

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          changelog.html
          core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
          core/src/main/java/jenkins/model/Jenkins.java
          core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html
          core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
          core/src/main/resources/jenkins/model/Jenkins/login.jelly
          http://jenkins-ci.org/commit/jenkins/69ba2b8d6725b365734a1c96a71dcbae21bc3b1e
          Log:
          [FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen

          • Adds an option to the Global Security screen to hide the remember me checkbox
          • A crafty user could use their browser to re-insert the form field and thereby get Jenkins to set the
            remember_me cookie on their browser, but this option should cover the 99.9% case.

          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2902
          [FIXED JENKINS-15757] Disable\Delete "Remember me on this computer" check box in login screen (Revision 69ba2b8d6725b365734a1c96a71dcbae21bc3b1e)

          Result = SUCCESS
          Stephen Connolly : 69ba2b8d6725b365734a1c96a71dcbae21bc3b1e
          Files :

          • changelog.html
          • core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy
          • core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-disableRememberMe.html
          • core/src/main/java/jenkins/model/Jenkins.java
          • core/src/main/java/hudson/security/GlobalSecurityConfiguration.java
          • core/src/main/resources/jenkins/model/Jenkins/login.jelly

          Daniel Beck made changes -
          Labels New: lts-candidate security

          Daniel Beck added a comment -

          Fix against crafty users covering the 0.1% case in PR 994.


          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
          http://jenkins-ci.org/commit/jenkins/2d9dec951ecb91608ae1644e5c988e8e8734d4f0
          Log:
          JENKINS-15757 Ignore 'remember me' if disabled in configuration

          The previous implementation of 'disable remember me' just removes the
          checkbox from the UI. Users still can set the parameter using a web
          browser extension, or patch the login page using a Greasemonkey script
          and keep using the feature. And just after the feature is enabled, users
          still might be able to use it if they loaded the login page early.

          This change prevents that by checking the current configuration and, if
          'remember me' is disabled, ignoring any headers set.


          Code changed in jenkins
          User: Daniel Beck
          Path:
          test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          test/src/main/preset-data/secured-acegi/config.xml
          test/src/main/preset-data/secured-acegi/readme.txt
          test/src/main/preset-data/secured-acegi/users/alice/config.xml
          test/src/test/java/hudson/security/LoginTest.java
          http://jenkins-ci.org/commit/jenkins/9ed2ed5fd90de8930802090cb7d0ffd0f996620c
          Log:
          JENKINS-15757 Add tests

          A new test for the existing 'Remember me' functionality that verifies that
          the cookie is set, and a new test showing that, even if requested by the
          user, no cookie will be set, if 'Remember me' is disabled in the security
          configuration.
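
The difference between the two fixes described in the commit messages above (hiding the checkbox versus ignoring the parameter on the server) and the two cases the added tests cover, as a stand-alone Java model. This is an added example, not code from the Jenkins commits; the class and method names, the `remember_me` field and cookie names, and the sample request are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: all names are hypothetical stand-ins, not Jenkins classes.
public class RememberMeEnforcementDemo {

    // Stand-in for the "disable remember me" option in the security configuration.
    static volatile boolean rememberMeDisabled = false;

    static boolean isChecked(String value) {
        return "on".equalsIgnoreCase(value) || "true".equalsIgnoreCase(value);
    }

    // UI-only control: the checkbox is hidden, but the server still honours the field.
    static boolean requestedUiOnly(Map<String, String> form) {
        return isChecked(form.get("remember_me"));
    }

    // Server-side control: the setting is read when the login is processed, so a
    // re-inserted field or a login page rendered before the setting changed is ignored.
    static boolean requestedEnforced(Map<String, String> form) {
        if (rememberMeDisabled) {
            return false;
        }
        return isChecked(form.get("remember_me"));
    }

    // Returns the cookies a successful login would set (values are constructed).
    static Map<String, String> login(Map<String, String> form, boolean enforced) {
        Map<String, String> cookies = new HashMap<>();
        cookies.put("JSESSIONID", "constructed-session-id");
        boolean remember = enforced ? requestedEnforced(form) : requestedUiOnly(form);
        if (remember) {
            cookies.put("remember_me", "constructed-token");
        }
        return cookies;
    }

    public static void main(String[] args) {
        Map<String, String> form = new HashMap<>(); // constructed login request
        form.put("username", "alice");
        form.put("remember_me", "on"); // present although the checkbox is hidden

        rememberMeDisabled = true;
        System.out.println("disabled, UI-only:  " + login(form, false).containsKey("remember_me"));
        System.out.println("disabled, enforced: " + login(form, true).containsKey("remember_me"));
        rememberMeDisabled = false;
        System.out.println("enabled,  enforced: " + login(form, true).containsKey("remember_me"));
    }
}
```

Only the enforced path with the option turned on withholds the persistent cookie; the session cookie is set in every case, so the login itself is unaffected.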


          Code changed in jenkins
          User: Stephen Connolly
          Path:
          core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java
          test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          test/src/main/preset-data/secured-acegi/config.xml
          test/src/main/preset-data/secured-acegi/readme.txt
          test/src/main/preset-data/secured-acegi/users/alice/config.xml
          test/src/test/java/hudson/security/LoginTest.java
          http://jenkins-ci.org/commit/jenkins/dec369e68eab3cfdcadf4c9660d174a1106e23a9
          Log:
          Merge pull request #994 from daniel-beck/dont-remember-me

          JENKINS-15757 Ignore 'remember me' if disabled in configuration

          Compare: https://github.com/jenkinsci/jenkins/compare/dfc2f57d191b...dec369e68eab


          dogfood added a comment -

          Integrated in jenkins_main_trunk #3016
          JENKINS-15757 Ignore 'remember me' if disabled in configuration (Revision 2d9dec951ecb91608ae1644e5c988e8e8734d4f0)
          JENKINS-15757 Add tests (Revision 9ed2ed5fd90de8930802090cb7d0ffd0f996620c)

          Result = SUCCESS
          daniel-beck : 2d9dec951ecb91608ae1644e5c988e8e8734d4f0
          Files :

          • core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java

          daniel-beck : 9ed2ed5fd90de8930802090cb7d0ffd0f996620c
          Files :

          • test/src/main/java/org/jvnet/hudson/test/recipes/PresetData.java
          • test/src/main/preset-data/secured-acegi/readme.txt
          • test/src/test/java/hudson/security/LoginTest.java
          • test/src/main/preset-data/secured-acegi/config.xml
          • test/src/main/preset-data/secured-acegi/users/alice/config.xml

