After installing the suggested plugins in the setup wizard, the user is asked specify admin user credentials and name.

      None of these fields is marked as required, but leaving the E-Mail address field empty freezes the setup wizard after hitting Save and Finish.

      The request triggers the following exception output:

      Jul 09, 2017 1:56:38 PM hudson.init.impl.InstallUncaughtExceptionHandler$1 reportException
      WARNING: null
      java.io.IOException: finished
       at com.jcraft.jzlib.DeflaterOutputStream.write(DeflaterOutputStream.java:90)

      As the setup wizard disables all buttons, the only chance for the user is to reload the page (which allows the user to think again and enter more values and finally successfully finish the wizard).

      While the POST request to 

      /setupWizard/createAdminUser

      is actually responded with 200 OK, its HTML body containing the message Invalid e-mail address is not displayed to the user (only visible using the developer tools).

       

          [JENKINS-45387] Setup wizard hangs when email not entered

          I'm able to reproduce this as well.

          MICHAEL PERZEL added a comment - I'm able to reproduce this as well.

          Philipp Nowak added a comment - - edited

          I think I have identified the issue and am working on a Pull Request with a fix.

          Basically, the SetupWizard calls the security realm for validation of the entered data, but that method already sends a response, so the SetupWizard can't send another response. (This causes the stack trace)

          Also, the frontend part is doing some black magic with iframes that seems to be blocked by at least Chrome (XSS; This causes the response to not show in the browser) and doesn't re-enable the buttons after an error response. (This causes the buttons being greyed out)

          Philipp Nowak added a comment - - edited I think I have identified the issue and am working on a Pull Request with a fix. Basically, the SetupWizard calls the security realm for validation of the entered data, but that method already sends a response, so the SetupWizard can't send another response. (This causes the stack trace) Also, the frontend part is doing some black magic with iframes that seems to be blocked by at least Chrome (XSS; This causes the response to not show in the browser) and doesn't re-enable the buttons after an error response. (This causes the buttons being greyed out)

          Philipp Nowak added a comment -

          Philipp Nowak added a comment - Here's the pull request:  https://github.com/jenkinsci/jenkins/pull/3116

          Code changed in jenkins
          User: Literallie
          Path:
          core/src/main/java/hudson/security/AccountCreationFailedException.java
          core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
          core/src/main/java/jenkins/install/SetupWizard.java
          war/src/main/js/pluginSetupWizardGui.js
          war/src/main/js/templates/firstUserPanel.hbs
          http://jenkins-ci.org/commit/jenkins/12031d7d59409186c8c36ac791736e475a883dc2
          Log:
          JENKINS-45387 Fix validation error displaying in setup wizard's "create first admin" form (#3116)

          • JENKINS-45387 Improve setup wizard account creation in security realm

          This commit adds an additional account creation method to the
          security realm, that allows to create a new user account (as the system)
          and is intended to be used by the setup wizard.

          The main difference to the existing method is that the new method does
          not force the Stapler to send a response, but instead throws an
          exception if invalid data is submitted. This allows to call this from
          the setup wizard, and send the response there. (This is necessary
          because the setup wizard method has a response return type and
          there is no way to access the response already send in the realm)

          Further, it splits the private createAccount() method for
          clarity as well as to allow code reuse from the new method.

          • JENKINS-45387 Fix SetupWizard sending responses twice on create admin

          This commit fixes an issue where the SetupWizard class would send
          two responses (indirectly) when invalid form data was provided for
          creating the first admin account.

          • [Fix JENKINS-45387] Setup wizard not displaying first account errors

          This commit fixes the setup wizard not displaying HTML error
          responses upon first account creation.

          Previously, it just froze (buttons were not re-enabled) and didn't
          display responses. (Probably caused by XSS policies on the iframe)

          As per
          https://github.com/jenkinsci/jenkins/pull/3116#discussion_r172031063
          https://github.com/jenkinsci/jenkins/pull/3116#discussion_r172051979

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Literallie Path: core/src/main/java/hudson/security/AccountCreationFailedException.java core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java core/src/main/java/jenkins/install/SetupWizard.java war/src/main/js/pluginSetupWizardGui.js war/src/main/js/templates/firstUserPanel.hbs http://jenkins-ci.org/commit/jenkins/12031d7d59409186c8c36ac791736e475a883dc2 Log: JENKINS-45387 Fix validation error displaying in setup wizard's "create first admin" form (#3116) JENKINS-45387 Improve setup wizard account creation in security realm This commit adds an additional account creation method to the security realm, that allows to create a new user account (as the system) and is intended to be used by the setup wizard. The main difference to the existing method is that the new method does not force the Stapler to send a response, but instead throws an exception if invalid data is submitted. This allows to call this from the setup wizard, and send the response there. (This is necessary because the setup wizard method has a response return type and there is no way to access the response already send in the realm) Further, it splits the private createAccount() method for clarity as well as to allow code reuse from the new method. JENKINS-45387 Fix SetupWizard sending responses twice on create admin This commit fixes an issue where the SetupWizard class would send two responses (indirectly) when invalid form data was provided for creating the first admin account. [Fix JENKINS-45387] Setup wizard not displaying first account errors This commit fixes the setup wizard not displaying HTML error responses upon first account creation. Previously, it just froze (buttons were not re-enabled) and didn't display responses. (Probably caused by XSS policies on the iframe) JENKINS-45387 Add some @Restricted annotations As per https://github.com/jenkinsci/jenkins/pull/3116#discussion_r172031063 https://github.com/jenkinsci/jenkins/pull/3116#discussion_r172051979

          Oleg Nenashev added a comment -

          The patch has been integrated towards 2.111

          Oleg Nenashev added a comment - The patch has been integrated towards 2.111

            xxyy Philipp Nowak
            stephenking Steffen Gebert
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: