[JENKINS-47426] ClientAuthenticationCache#getPropertyKey not consistent when rootUrl is not set

    • Bug
    • Resolution: Fixed
    • Minor
    • cli
    • None

      Given an instance of Jenkins where the rootUrl is not configured (dev instance, etc.), the ClientAuthenticationCache is not working as expected.

      Normally it is responsible for storing the authentications between the login and logout commands of the CLI. To avoid conflicts between multiple instances of Jenkins, there is a propertyKey that is computed using the rootUrl. In case there is no rootUrl, the propertyKey is computed using the following fallback: `Secret.fromString("key").getEncryptedValue()`.

      The problem is that the IV of that new Secret is not set, so getEncryptedValue will return a new value for each call to getPropertyKey(). So when we want to store the authentication we compute a propertyKey, and then when we try to retrieve the information we compute a new propertyKey each time. Due to that behavior, the login CLI command does not work as expected when the rootUrl is not set.

      Having the "rootUrl not set" will generate a warning when the AdminMonitor from JENKINS-31661 is implemented.
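
The failure mode described above, as an added example that is not Jenkins code and not the fix from the pull request: `randomizedKey()` stands in for the fallback by encrypting a constant under a fresh IV on every call, and `stableKey()` is one assumed deterministic alternative (an HMAC over a fixed label). `INSTANCE_KEY`, the label `cli-auth-cache` and the `Properties` store are constructed for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;

public class PropertyKeyStability {
    // Constructed 128-bit key standing in for the instance's secret key (assumption).
    static final byte[] INSTANCE_KEY = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);

    // Stand-in for the fallback: the same constant, encrypted under a new random IV per call.
    static String randomizedKey() throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(INSTANCE_KEY, "AES"), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal("key".getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);          // IV travels with the ciphertext
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Assumed alternative: a keyed MAC over a fixed label is secret-dependent but deterministic.
    static String stableKey() throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(INSTANCE_KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal("cli-auth-cache".getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(tag);
    }

    public static void main(String[] args) throws Exception {
        Properties store = new Properties();                 // plays the role of the cache file

        // "login" writes under one key; the later lookup derives a different one and misses.
        store.setProperty(randomizedKey(), "alice");
        System.out.println("randomized lookup: " + store.getProperty(randomizedKey()));

        // With a deterministic key, the write and the later lookup agree.
        store.setProperty(stableKey(), "alice");
        System.out.println("stable lookup:     " + store.getProperty(stableKey()));
    }
}
```

Randomized encryption is the right property for protecting a stored value and the wrong one for naming it: a lookup key has to be reproducible from the same inputs.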


          Jesse Glick added a comment -

          Recommend just closing as will not fix, since this class is used only in Remoting mode, which is long deprecated (and you should have a rootUrl set anyway).

          FWIW, reproducible as

          diff --git a/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java b/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java
          index 7f347c3974..cd782f8f48 100644
          --- a/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java
          +++ b/test/src/test/java/hudson/cli/ClientAuthenticationCacheTest.java
          @@ -113,6 +113,7 @@ public class ClientAuthenticationCacheTest {
                   JenkinsLocationConfiguration.get().setUrl(null);
                   String key = cache.getPropertyKey();
                   assertTrue(key, Secret.decrypt(key) != null);
          +        assertEquals(key, cache.getPropertyKey());
               }
           
               private void assertCLI(int code, @CheckForNull String output, File jar, String... args) throws Exception {
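
Review bot: the added `assertEquals(key, cache.getPropertyKey());` carries no failure message and only compares two calls on the same `cache` object. The preceding `assertTrue` passes a message, so give this one a message that states the expectation (the key must be stable while the URL is null). If the test setup allows it, also compare against `getPropertyKey()` from a second cache instance, since a stored login is looked up by a later, separate computation of the key.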
          


          Wadeck Follonier added a comment - - edited

          jglick as I saw your comment only now, you can find the quick fix on #3080


            wfollonier Wadeck Follonier