Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Component/s: core
-
Labels:
-
Similar Issues:
-
Epic Link:
Description
The /securityRealm/firstUser is accessible and allows creating an account while the setup wizard is active, but nobody has logged in so far.
Also, really weird UI brokenness since / is still the setup wizard. 
Attachments
Issue Links
- links to
Activity
Code changed in jenkins
User: kzantow
Path:
.mvn/jvm.config
changelog.html
core/pom.xml
core/src/main/java/hudson/ExtensionFinder.java
core/src/main/java/hudson/init/impl/InstallUncaughtExceptionHandler.java
core/src/main/java/hudson/model/Fingerprint.java
core/src/main/java/hudson/model/ItemGroupMixIn.java
core/src/main/java/hudson/model/View.java
core/src/main/java/hudson/model/ViewDescriptor.java
core/src/main/java/jenkins/install/InstallUtil.java
core/src/main/java/jenkins/install/SetupWizard.java
core/src/main/java/jenkins/model/Jenkins.java
core/src/main/resources/hudson/model/AllView/noJob.jelly
core/src/main/resources/hudson/tools/label.jelly
core/src/main/resources/jenkins/install/SetupWizard/authenticate-security-token.jelly
core/src/main/resources/jenkins/install/UpgradeWizard/footer.jelly
core/src/main/resources/jenkins/install/UpgradeWizard/footer.properties
core/src/main/resources/jenkins/install/pluginSetupWizard.properties
core/src/main/resources/lib/form/repeatableDeleteButton.jelly
core/src/main/resources/lib/hudson/ballColorTd.jelly
core/src/main/resources/lib/layout/html.jelly
test/src/test/java/hudson/jobs/CreateItemTest.java
test/src/test/java/hudson/model/ViewDescriptorTest.java
test/src/test/java/hudson/model/ViewTest.java
war/src/main/js/api/pluginManager.js
war/src/main/js/pluginSetupWizardGui.js
war/src/main/js/templates/errorPanel.hbs
war/src/main/less/pluginSetupWizard.less
war/src/main/webapp/css/style.css
http://jenkins-ci.org/commit/jenkins/f06ee0fef4632c7f0994f8d5ebee086240348e80
Log:
Merge remote-tracking branch 'primary/2.0' into JENKINS-33770-security-token-not-always-required
Code changed in jenkins
User: kzantow
Path:
core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
core/src/main/java/jenkins/install/SetupWizard.java
core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/setupWizardFirstUser.jelly
core/src/main/resources/jenkins/install/SetupWizard/setupWizardFirstUser.jelly
war/src/main/js/api/securityConfig.js
war/src/main/js/templates/firstUserPanel.hbs
http://jenkins-ci.org/commit/jenkins/3cf8de04a9fae00dabcec4c3888903afda4336df
Log:
JENKINS-33770 - fix issue directly submitting firstUser page
Code changed in jenkins
User: kzantow
Path:
core/src/main/java/jenkins/install/SetupWizard.java
http://jenkins-ci.org/commit/jenkins/2968285d9a2158747bfc5fc2c93b8217bfff7702
Log:
JENKINS-33770 - not all paths restricted during SetupWizard
Yep – First approach had a different Stapler root object (no Jenkins), but that quickly became a mess as Jenkins was needed e.g. for integrating the security configuration into the initial setup.
The comment thread on this starts around https://github.com/jenkinsci/jenkins/pull/2042#issuecomment-191396954 in the initial PR.
Code changed in jenkins
User: Daniel Beck
Path:
core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
core/src/main/java/jenkins/install/SetupWizard.java
core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/setupWizardFirstUser.jelly
core/src/main/resources/jenkins/install/SetupWizard/setupWizardFirstUser.jelly
war/src/main/js/api/securityConfig.js
war/src/main/js/templates/firstUserPanel.hbs
http://jenkins-ci.org/commit/jenkins/360cfcdcc87f8f10c9041e3fedfbee522fc035ed
Log:
Merge pull request #2170 from kzantow/
JENKINS-33770-security-token-not-always-required[FIX JENKINS-33770] Prevent unauthenticated user registration
Compare: https://github.com/jenkinsci/jenkins/compare/a9f12093debe...360cfcdcc87f