Jenkins / JENKINS-48601

Warn admin if he tries to configure GitHub authorization without authentication

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: github-oauth-plugin
    • Labels:
      None
    • Environment:
      github-oauth:0.28
      Description

      In the security configuration page, the administrator is able to choose the authorization method GitHub Committer Authorization Strategy without having chosen Github Authentication Plugin as the authentication.

      Currently there is a warning in the help box of the authorization: "Requires the Github Authentication Plugin to be used as the authentication source."

      It could be better to have a medium-size orange/red inline warning always displayed (not only when clicking on the help button) as this configuration will simply block the whole system.

          Activity

          sag47 Sam Gleske added a comment -

          I agree it makes sense to add a feature like this.  Especially since there's no way that authorization strategy could possibly work without GitHub authentication enabled.  Not sure we can block the user from saving.  In general, Jenkins allows an admin to save configuration even when form validation fails.  Additionally, if we use Jenkins.getInstance().getSecurityRealm() it will always return failed validation when a user is configuring GitHub OAuth for the very first time (because it would always return a non-GitHub security realm and authorization strategy).

          wfollonier Wadeck Follonier added a comment -

          Sam Gleske yeah I thought more about some JavaScript just to ensure the user is sufficiently warned about that. I recently misconfigured my instance during the test of the plugin and it requires resetting the security.

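The two comments above contrast validating against the saved security realm with warning from the form itself. The following JavaScript is an added example, not code from github-oauth-plugin or from either commenter; the function names, the `{ realm, strategy }` objects and the sample states are assumptions, and only the two display names come from the issue text.

```javascript
// Added example: function names and data shapes are hypothetical,
// not taken from github-oauth-plugin.
const GITHUB_REALM = "Github Authentication Plugin";
const GITHUB_STRATEGY = "GitHub Committer Authorization Strategy";

// Returns a warning string when the GitHub strategy is paired with a
// non-GitHub security realm, otherwise null.
function pairingWarning(realm, strategy) {
  if (strategy !== GITHUB_STRATEGY || realm === GITHUB_REALM) {
    return null;
  }
  return `"${GITHUB_STRATEGY}" requires "${GITHUB_REALM}" as the ` +
    `authentication source; current selection is "${realm}".`;
}

// Server-style check: compares the strategy being configured with the
// realm that is already saved. This is the false positive described for
// first-time setup, where the saved realm is still a non-GitHub one.
function checkAgainstSaved(saved, form) {
  return pairingWarning(saved.realm, form.strategy);
}

// Form-side check: compares the two values currently selected on the
// page, so it only fires when the pending combination is inconsistent.
function checkAgainstForm(form) {
  return pairingWarning(form.realm, form.strategy);
}

// Constructed sample states (not captured from a real instance).
const saved = {
  realm: "Jenkins' own user database",
  strategy: "Logged-in users can do anything",
};
const firstTimeSetup = { realm: GITHUB_REALM, strategy: GITHUB_STRATEGY };
const misconfigured = { realm: saved.realm, strategy: GITHUB_STRATEGY };

function demo() {
  return {
    firstTimeSaved: checkAgainstSaved(saved, firstTimeSetup), // warning
    firstTimeForm: checkAgainstForm(firstTimeSetup),          // null
    misconfiguredForm: checkAgainstForm(misconfigured),       // warning
  };
}

console.log(demo());
```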

            People

            Assignee:
            sag47 Sam Gleske
            Reporter:
            wfollonier Wadeck Follonier
            Votes:
            0
            Watchers:
            2
