jenkinsci / oic-auth-plugin

A Jenkins plugin which lets you login to Jenkins using your own, self-hosted or public openid connect server.
https://plugins.jenkins.io/oic-auth
MIT License

Allow access using a Jenkins API token without an OIDC Session #386

Closed mikecirioli closed 5 days ago

mikecirioli commented 1 week ago

Proposing a new option of the OicSecurityRealm that will allow an administrator to Allow access using a Jenkins API token without an OIDC Session.

Currently, when using the oic-auth plugin, if a user explicitly logs out of the IdP then they will no longer be able to perform any sort of action using Jenkins API tokens, because the oic-auth plugin will reject the request due to the OicSession being null. This behavior may make sense for some users, but it can cause problems for other users who may be relying on external automation tools which make use of Jenkins API tokens for authentication.

This PR introduces a new (optional, disabled by default) configuration which lets an admin re-enable the traditional Jenkins API token access behavior. This is accomplished by checking to see if a request appears to be using a valid Jenkins API token, and if so hands off the request processing to the next filter in the chain instead of processing it as an OIC-based access request.


Testing done

new unit test has been added to validate the new functionality

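The following filter is an illustrative example written for this page; it is not the plugin's code and does not reproduce how OicSecurityRealm implements the option. It shows the shape of the check the PR describes: a request carrying a valid `user:api-token` pair in a Basic `Authorization` header is handed to the next filter in the chain, and anything else, including a malformed header, an unknown user, or a credential that is not an API token, keeps going through the OIDC-session path. The configuration flag name and the abstract `handleOicRequest` hook (standing in for the plugin's existing OIDC handling) are assumptions; `User.getById` and `ApiTokenProperty.matchesPassword` are Jenkins core APIs.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import hudson.model.User;
import jenkins.security.ApiTokenProperty;

/**
 * Illustrative filter (not the oic-auth plugin's code). When the admin has
 * enabled API-token pass-through, a request that carries a VALID Jenkins API
 * token is passed to the next filter so Jenkins core's Basic-auth handling
 * authenticates it; every other request stays on the OIDC path.
 */
public abstract class ApiTokenPassThroughFilter implements Filter {

    // Assumed name for the new, default-off option described in the PR.
    private final boolean allowTokenAccessWithoutOicSession;

    protected ApiTokenPassThroughFilter(boolean allowTokenAccessWithoutOicSession) {
        this.allowTokenAccessWithoutOicSession = allowTokenAccessWithoutOicSession;
    }

    /** Hypothetical hook representing the plugin's existing OIDC-session handling. */
    protected abstract void handleOicRequest(ServletRequest req, ServletResponse rsp, FilterChain chain)
            throws IOException, ServletException;

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
            throws IOException, ServletException {
        if (allowTokenAccessWithoutOicSession
                && req instanceof HttpServletRequest
                && isValidApiTokenRequest((HttpServletRequest) req)) {
            chain.doFilter(req, rsp); // hand off; core authenticates the token
            return;
        }
        handleOicRequest(req, rsp, chain); // fail closed: everything else is OIDC
    }

    /**
     * True only when the Basic header decodes to "user:secret" and the secret
     * matches one of that user's API tokens. Merely PRESENTING a Basic header
     * must not be enough, or anyone could skip the OIDC checks.
     */
    static boolean isValidApiTokenRequest(HttpServletRequest req) {
        String header = req.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false;
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return false; // malformed base64 is not a token request
        }
        int colon = decoded.indexOf(':');
        if (colon <= 0 || colon == decoded.length() - 1) {
            return false; // need a non-empty user id and a non-empty secret
        }
        String userId = decoded.substring(0, colon);
        String secret = decoded.substring(colon + 1);

        // create=false: never materialise a user record from unauthenticated input
        User user = User.getById(userId, false);
        if (user == null) {
            return false;
        }
        ApiTokenProperty tokens = user.getProperty(ApiTokenProperty.class);
        // matchesPassword() succeeds only for a stored API token, not for the
        // user's IdP password, so passwords still go through OIDC.
        return tokens != null && tokens.matchesPassword(secret);
    }
}
```

The decision in `isValidApiTokenRequest` is the whole security argument for an option like this: the bypass of the OIDC-session check is gated on the token actually verifying against the user's stored API tokens, and every failure (no header, bad encoding, unknown user, wrong secret) falls back to the OIDC path rather than to the next filter.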

codecov[bot] commented 1 week ago

Codecov Report

Attention: Patch coverage is 81.81818% with 2 lines in your changes missing coverage. Please review.

Project coverage is 72.47%. Comparing base (8e99549) to head (791ef3c). Report is 35 commits behind head on master.

Files with missing lines                                   Patch %   Lines
...va/org/jenkinsci/plugins/oic/OicSecurityRealm.java       81.81%   0 Missing and 2 partials (warning)

Additional details and impacted files

```diff
@@             Coverage Diff              @@
##             master     #386      +/-   ##
============================================
+ Coverage     71.44%   72.47%   +1.03%
- Complexity      232      244      +12
============================================
  Files            11       12       +1
  Lines           991     1021      +30
  Branches        142      148       +6
============================================
+ Hits            708      740      +32
+ Misses          205      201       -4
- Partials         78       80       +2
```


mikecirioli commented 6 days ago

I plan to merge this at the end of the day today unless anyone has an objection

cc: @jenkinsci/oic-auth-plugin-developers