-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
github-oauth:0.28
In the security configuration page, the administrator is capable to choose the authorization method GitHub Committer Authorization Strategy without having chosen the authentication to Github Authentication Plugin.
Currently there is a warning in the help box of the authorization: "Requires the Github Authentication Plugin to be used as the authentication source."
It could be better to have a medium-size orange/red inline warning always displayed (not only when clicking on the help button) as this configuration will simply block the whole system.
I agree it makes sense to add a feature like this. Especially since there's no way that authorization strategy could possibly work without GitHub authentication enabled. Not sure we can block the user from saving. In general, Jenkins allows an admin to save configuration even when form validation fails. Additionally, if we use Jenkins.getInstance().getSecurityRealm() it will always return failed validation when a user is configuring GitHub OAuth for the very first time (because it would always return a non-GitHub security realm and authorization strategy).