  1. Jenkins
  2. JENKINS-48601

Warn admin if he tries to configure GitHub authorization without authentication

    • Improvement
    • Resolution: Unresolved
    • Minor
    • github-oauth-plugin
    • None
    • github-oauth:0.28

      In the security configuration page, the administrator is able to choose the authorization method GitHub Committer Authorization Strategy without having set the authentication to GitHub Authentication Plugin.

      Currently there is a warning in the help box of the authorization: "Requires the Github Authentication Plugin to be used as the authentication source."

      It could be better to have a medium-size orange/red inline warning always displayed (not only when clicking on the help button) as this configuration will simply block the whole system.


          Sam Gleske added a comment -

          I agree it makes sense to add a feature like this.  Especially since there's no way that authorization strategy could possibly work without GitHub authentication enabled.  Not sure we can block the user from saving.  In general, Jenkins allows an admin to save configuration even when form validation fails.  Additionally, if we use Jenkins.getInstance().getSecurityRealm() it will always return failed validation when a user is configuring GitHub OAuth for the very first time (because it would always return a non-GitHub security realm and authorization strategy).


          Wadeck Follonier added a comment -

          sag47 yeah I thought more about some JavaScript just to ensure the user is sufficiently warned about that. I recently misconfigured my instance during the test of the plugin and it requires resetting the security.
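
An offline check for the misconfiguration discussed in this issue, as an added example that is not part of the issue or of the github-oauth plugin: it reads a Jenkins config.xml and reports when the GitHub authorization strategy is saved without the GitHub security realm. The two class names and the sample XML are assumptions and should be checked against a real config.xml.

```python
import re
import xml.etree.ElementTree as ET

# Assumed class names of the github-oauth plugin as persisted in config.xml;
# confirm them against the config.xml of your own installation.
GITHUB_REALM = "org.jenkinsci.plugins.GithubSecurityRealm"
GITHUB_AUTHZ = "org.jenkinsci.plugins.GithubAuthorizationStrategy"


def audit_security_config(config_xml):
    """Return a list of findings for a Jenkins config.xml passed as a string."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat parser
    # rejects, so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    root = ET.fromstring(body)

    def class_of(tag):
        node = root.find(tag)
        return node.get("class", "") if node is not None else ""

    realm = class_of("securityRealm")
    authz = class_of("authorizationStrategy")
    findings = []
    if authz == GITHUB_AUTHZ and realm != GITHUB_REALM:
        findings.append(
            "GitHub Committer Authorization Strategy is configured but the "
            "security realm is '%s'; the strategy requires the GitHub "
            "Authentication Plugin as the authentication source"
            % (realm or "missing")
        )
    return findings


# Constructed sample inputs (not taken from a real instance).
BROKEN = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <authorizationStrategy class="org.jenkinsci.plugins.GithubAuthorizationStrategy"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""
CONSISTENT = BROKEN.replace(
    "hudson.security.HudsonPrivateSecurityRealm", GITHUB_REALM
)

if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("consistent", CONSISTENT)):
        print(name, audit_security_config(xml) or "ok")
```
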

            sag47 Sam Gleske
            wfollonier Wadeck Follonier