txels / autojenkins

Jenkins automation scripts
http://autojenkins.readthedocs.org/

CSRF Protection support #30

Open Nachtfeuer opened 8 years ago

Nachtfeuer commented 8 years ago

When you read here: https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API

The problem is that when "Prevent Cross Site Request Forgery exploits" is enabled with a default user, you need to fetch the token (see link) and pass it to the POST request. For the moment I disabled that on my local Jenkins to try out this library, but finally that "feature" would be required.

Nachtfeuer commented 8 years ago

Providing you some help on it: You can specify another constant along with the ones you already have:

    CRUMB='{0}/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

    def get_crumb(self):
        """
        Get crumb token required when the option
        'Prevent Cross Site Request Forgery exploits' is enabled
        in the global security section of Jenkins.
        """
        response = self._build_get(CRUMB)
        return response.text

For each command (create, build, ...) you require handling by splitting the return of that function, which is "key:value", and adding this to the request header.
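
The flow described in this comment, as an added example that is not part of autojenkins or of the original comment: fetch the "field:value" crumb, validate it, and attach it as a header to each POST. The `http_get` and `http_post` callables, the fake transports and the sample crumb are hypothetical stand-ins constructed so the example runs offline; treating HTTP 404 from the crumb issuer as "CSRF protection disabled" is an assumption.

```python
# Added example; http_get/http_post are hypothetical injected transports,
# not autojenkins functions.
CRUMB = '{0}/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'


def parse_crumb(text):
    """Turn the issuer's 'field:value' body into a one-entry header dict."""
    field, sep, value = text.strip().partition(":")
    if not sep or not field or not value:
        raise ValueError("unexpected crumb response: %r" % text[:80])
    # Refuse anything that could not be a single well-formed header.
    if any(c in field + value for c in "\r\n") or " " in field:
        raise ValueError("crumb contains characters not valid in a header")
    return {field: value}


def crumb_headers(base_url, http_get):
    """http_get(url) -> (status, body). Returns {} when no crumb is needed."""
    status, body = http_get(CRUMB.format(base_url.rstrip("/")))
    if status == 404:  # assumption: issuer is absent when CSRF protection is off
        return {}
    if status != 200:
        raise RuntimeError("crumb request failed with HTTP %d" % status)
    return parse_crumb(body)


def post_with_crumb(base_url, path, http_get, http_post, data=None):
    """Fetch a fresh crumb, then POST with it added to the request headers."""
    headers = crumb_headers(base_url, http_get)
    return http_post(base_url.rstrip("/") + path, headers, data)


# Constructed stand-ins for a Jenkins with CSRF protection enabled.
SAMPLE_CRUMB = "Jenkins-Crumb:0123456789abcdef"  # constructed value

def fake_get(url):
    return (200, SAMPLE_CRUMB) if "/crumbIssuer/" in url else (404, "")

def fake_post(url, headers, data):
    # Mimics the server: reject the POST unless the crumb header is present.
    ok = headers.get("Jenkins-Crumb") == "0123456789abcdef"
    return 200 if ok else 403


if __name__ == "__main__":
    print(post_with_crumb("http://jenkins.example", "/job/demo/build",
                          fake_get, fake_post))
```

Failing loudly on a malformed crumb response keeps a login page or error body from being copied into request headers.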