Closed mikecirioli closed 5 days ago
Attention: Patch coverage is 81.81818% with 2 lines in your changes missing coverage. Please review.
Project coverage is 72.47%. Comparing base (8e99549) to head (791ef3c). Report is 35 commits behind head on master.
Files with missing lines | Patch % | Lines |
---|---|---|
...va/org/jenkinsci/plugins/oic/OicSecurityRealm.java | 81.81% | 0 Missing and 2 partials :warning: |
I plan to merge this at the end of the day today unless anyone has an objection
cc: @jenkinsci/oic-auth-plugin-developers
Proposing a new option of the `OicSecurityRealm` that will allow an administrator to Allow access using a Jenkins API token without an OIDC Session.

Currently, when using the `oic-auth` plugin, if a user explicitly logs out of the IdP then they will no longer be able to perform any sort of action using `jenkins api tokens` because the `oic-auth` plugin will reject the request due to the `OicSession` being null. This behavior may make sense for some users, but it can cause problems for other users who may be relying on external automation tools which make use of `jenkins api tokens` for authentication.

This PR introduces a new (optional, disabled by default) configuration which lets an admin re-enable the traditional jenkins api token access behavior. This is accomplished by checking to see if a request appears to be using a valid `jenkins api token`, and if so hands off the request processing to the next filter in the chain instead of processing it as an OIC based access request.

Testing done

New unit test has been added to validate the new functionality.
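The filter decision described in this pull request, as an added example that is not the plugin's own code: the bypass applies only when the option is enabled and the presented token actually verifies, and every other request still needs an OIC session. The class, method and enum names, the in-memory token map and the assumption that the API token arrives as HTTP Basic credentials (`user:token`) are all hypothetical choices for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

// Added illustration, not the oic-auth plugin's code; every name here is hypothetical.
public class ApiTokenBypassSketch {
    enum Decision { NEXT_FILTER, OIC_PROCESSING, REJECT }

    // Constructed sample credential store (user -> API token), for the demo only.
    static final Map<String, String> TOKENS = Map.of("ci-bot", "11aa22bb33cc44dd");

    // True only when the header carries a known user and that user's exact token.
    static boolean hasValidApiToken(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false;
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 never earns the bypass
        }
        int sep = decoded.indexOf(':');
        String expected = sep < 1 ? null : TOKENS.get(decoded.substring(0, sep));
        if (expected == null) {
            return false;
        }
        // Constant-time comparison of the presented token with the stored one.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                decoded.substring(sep + 1).getBytes(StandardCharsets.UTF_8));
    }

    static Decision decide(boolean allowTokenWithoutSession, boolean hasOicSession, String authorization) {
        if (allowTokenWithoutSession && hasValidApiToken(authorization)) {
            return Decision.NEXT_FILTER; // option on and token verified: skip OIC handling
        }
        return hasOicSession ? Decision.OIC_PROCESSING : Decision.REJECT;
    }

    static String basic(String user, String secret) {
        return "Basic " + Base64.getEncoder().encodeToString((user + ":" + secret).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        System.out.println(decide(false, false, basic("ci-bot", "11aa22bb33cc44dd"))); // option off (default)
        System.out.println(decide(true, false, basic("ci-bot", "11aa22bb33cc44dd")));  // option on, valid token
        System.out.println(decide(true, false, basic("ci-bot", "wrong-token")));       // option on, bad token
        System.out.println(decide(true, false, "Basic !!not-base64!!"));               // malformed header
    }
}
```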