jenkinsci / oic-auth-plugin

A Jenkins plugin which lets you login to Jenkins using your own, self-hosted or public openid connect server.
https://plugins.jenkins.io/oic-auth
MIT License
74 stars 94 forks source link

`OicUserProperty` was discarded after saving the user config page #332

Closed jglick closed 5 months ago

jglick commented 5 months ago

If you log in with OIDC with a groups field defined, then go to your user config page and create an API token, then use that API token to run the CLI command who-am-i, your groups are listed as expected. But if you then Save the same page and try the CLI command again, you are shown as having no groups. This is because saving the page wiped out the OicUserProperty. AFAICT this has been broken since #12. The corrected idiom can be seen in LastGrantedAuthoritiesProperty in core, a very similar property. Actually we could probably use that instead of OicUserProperty by merely calling SecurityListener.fireLoggedIn; I did not try that yet.

codecov[bot] commented 5 months ago

Codecov Report

Attention: Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 73.15%. Comparing base (e327bf2) to head (db811f2). Report is 25 commits behind head on master.

Files Patch % Lines
...ava/org/jenkinsci/plugins/oic/OicUserProperty.java 75.00% 1 Missing :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #332 +/- ## ============================================ - Coverage 73.35% 73.15% -0.21% + Complexity 211 209 -2 ============================================ Files 10 10 Lines 882 879 -3 Branches 124 124 ============================================ - Hits 647 643 -4 - Misses 172 173 +1 Partials 63 63 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.