Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55181

Input submitter parameter should use the current IdStrategy to match against current user

XMLWordPrintable

    • pipeline-input-step 2.9

      Problem statement

      Depending on the current SecurityRealm, the input step will refuse or accept submitters depending on the case sensitivity settings.

      Despite there is probably some logic to be improved too on various SecurityRealm implementations, I think there is still an improvement to be done on the Pipeline-input side. Bonus point: it's also likely much simpler than addressing all SecurityRealms implems out there.

      Example:

      input message: "blah", submitter: "SomeUser"

      Even if the strategy is the default CASE_INSENSITIVE one, the configuration above will reject a user logged in as someuser.

      Expected behavior

      The SecurityRealm core class already defines the so-called IdStrategy which contain various methods for comparing and sorting user ids. I think the input step logic around validating the current user against the submitters list should be using this implementation.

      References:

          [JENKINS-55181] Input submitter parameter should use the current IdStrategy to match against current user

          Baptiste Mathus created issue -
          Baptiste Mathus made changes -
          Description Original: h3. Problem statement

          Depending on the current SecurityRealm, the input step will refuse of accept submitters with or without taking the case sensitivity in account.

          Despite there is some logic probably to be improved too on various SecurityRealm implementations, I think there is still a bug, or at least a possible improvement, on the Pipeline-input side.


          Example:


          {code:groovy}
          input message: "blah", submitter: "SomeUser"
          {code}




          h3. Expected behavior

          The SecurityRealm core class already defines the so-called IdStrategy which contain various methods for comparing and sorting user ids. I think the input step logic around validating the current user against the submitters list should be using this implementation.

          		 New: h3. Problem statement

          Depending on the current SecurityRealm, the input step will refuse or accept submitters depending on the case sensitivity settings.

          Despite there is probably some logic to be improved too on various SecurityRealm implementations, I think there is still an improvement to be done on the Pipeline-input side. Bonus point: it's also likely much simpler than addressing all SecurityRealms implems out there.

          Example:
          {code}
          input message: "blah", submitter: "SomeUser"
          {code}

          Even if the strategy is the default [CASE_INSENSITIVE|https://github.com/jenkinsci/jenkins/blob/486b1566eef41443a34b7b1ec025524c7fecfd56/core/src/main/java/jenkins/model/IdStrategy.java#L58] one, the configuration above will reject a user logged in as {{someuser}}.

          h3. Expected behavior

          The SecurityRealm core class already defines the so-called IdStrategy which contain various methods for comparing and sorting user ids. I think the input step logic around validating the current user against the submitters list should be using this implementation.

          References:
          * https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/model/IdStrategy.java
          * https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/security/SecurityRealm.java
          * https://github.com/jenkinsci/jenkins/blob/486b1566eef41443a34b7b1ec025524c7fecfd56/core/src/main/java/jenkins/model/IdStrategy.java#L58
          Baptiste Mathus made changes -
          Description Original: h3. Problem statement

          Depending on the current SecurityRealm, the input step will refuse or accept submitters depending on the case sensitivity settings.

          Despite there is probably some logic to be improved too on various SecurityRealm implementations, I think there is still an improvement to be done on the Pipeline-input side. Bonus point: it's also likely much simpler than addressing all SecurityRealms implems out there.

          Example:
          {code}
          input message: "blah", submitter: "SomeUser"
          {code}

          Even if the strategy is the default [CASE_INSENSITIVE|https://github.com/jenkinsci/jenkins/blob/486b1566eef41443a34b7b1ec025524c7fecfd56/core/src/main/java/jenkins/model/IdStrategy.java#L58] one, the configuration above will reject a user logged in as {{someuser}}.

          h3. Expected behavior

          The SecurityRealm core class already defines the so-called IdStrategy which contain various methods for comparing and sorting user ids. I think the input step logic around validating the current user against the submitters list should be using this implementation.

          References:
          * https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/model/IdStrategy.java
          * https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/security/SecurityRealm.java
          * https://github.com/jenkinsci/jenkins/blob/486b1566eef41443a34b7b1ec025524c7fecfd56/core/src/main/java/jenkins/model/IdStrategy.java#L58           		New: h3. Problem statement

          Depending on the current SecurityRealm, the input step will refuse or accept submitters depending on the case sensitivity settings.

          Despite there is probably some logic to be improved too on various SecurityRealm implementations, I think there is still an improvement to be done on the Pipeline-input side. Bonus point: it's also likely much simpler than addressing all SecurityRealms implems out there.

          Example:
          {code}
          input message: "blah", submitter: "SomeUser"
          {code}

          Even if the strategy is the default [CASE_INSENSITIVE|https://github.com/jenkinsci/jenkins/blob/486b1566eef41443a34b7b1ec025524c7fecfd56/core/src/main/java/jenkins/model/IdStrategy.java#L58] one, the configuration above will reject a user logged in as {{someuser}}.

          h3. Expected behavior

          The SecurityRealm core class already defines the so-called IdStrategy which contain various methods for comparing and sorting user ids. I think the input step logic around validating the current user against the submitters list should be using this implementation.

          h3. References:
          * https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/model/IdStrategy.java
          * https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/security/SecurityRealm.java
          * https://github.com/jenkinsci/jenkins/blob/486b1566eef41443a34b7b1ec025524c7fecfd56/core/src/main/java/jenkins/model/IdStrategy.java#L58
          Baptiste Mathus made changes -
          Assignee New: Baptiste Mathus [ batmat ]
          Baptiste Mathus made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Baptiste Mathus made changes -
          Remote Link New: This issue links to "PR (Web Link)" [ 22103 ]
          Baptiste Mathus made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Baptiste Mathus made changes -
          Released As New: (toward) 2.9
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          Baptiste Mathus made changes -
          Status Original: Resolved [ 5 ] New: Fixed but Unreleased [ 10203 ]
          Baptiste Mathus made changes -
          Released As Original: (toward) 2.9 New: (towards) 2.9
          Devin Nusbaum made changes -
          Released As Original: (towards) 2.9 New: pipeline-input-step 2.9
          Status Original: Fixed but Unreleased [ 10203 ] New: Resolved [ 5 ]

            batmat Baptiste Mathus
            batmat Baptiste Mathus
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: