
Commit 1821a0c

committed
Merge PR jenkinsci#51 [JENKINS-28319] encrypt the client secret
2 parents 586af55 + 72fd51a commit 1821a0c


2 files changed

+12
-16
lines changed


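--- a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
@@ -42,6 +42,7 @@ of this software and associated documentation files (the "Software"), to deal
 import hudson.security.UserMayOrMayNotExistException;
 import hudson.tasks.Mailer;
 import hudson.Util;
+import hudson.util.Secret;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -105,7 +106,7 @@ public class GithubSecurityRealm extends SecurityRealm implements UserDetailsSer
 private String githubWebUri;
 private String githubApiUri;
 private String clientID;
-private String clientSecret;
+private Secret clientSecret;
 private String oauthScopes;
 private String[] myScopes;
 
@@ -129,7 +130,7 @@ public GithubSecurityRealm(String githubWebUri,
 this.githubWebUri = Util.fixEmptyAndTrim(githubWebUri);
 this.githubApiUri = Util.fixEmptyAndTrim(githubApiUri);
 this.clientID = Util.fixEmptyAndTrim(clientID);
-this.clientSecret = Util.fixEmptyAndTrim(clientSecret);
+setClientSecret(Util.fixEmptyAndTrim(clientSecret));
 this.oauthScopes = Util.fixEmptyAndTrim(oauthScopes);
 }
 
@@ -154,7 +155,7 @@ public GithubSecurityRealm(String githubWebUri,
 this.githubWebUri = Util.fixEmptyAndTrim(githubWebUri);
 this.githubApiUri = Util.fixEmptyAndTrim(githubApiUri);
 this.clientID = Util.fixEmptyAndTrim(clientID);
-this.clientSecret = Util.fixEmptyAndTrim(clientSecret);
+setClientSecret(Util.fixEmptyAndTrim(clientSecret));
 this.oauthScopes = DEFAULT_OAUTH_SCOPES;
 }
 
@@ -173,7 +174,7 @@ public GithubSecurityRealm(String githubWebUri, String clientID, String clientSe
 this.githubWebUri = Util.fixEmptyAndTrim(githubWebUri);
 this.githubApiUri = determineApiUri(this.githubWebUri);
 this.clientID = Util.fixEmptyAndTrim(clientID);
-this.clientSecret = Util.fixEmptyAndTrim(clientSecret);
+setClientSecret(Util.fixEmptyAndTrim(clientSecret));
 this.oauthScopes = DEFAULT_OAUTH_SCOPES;
 }
 
@@ -225,7 +226,7 @@ private void setClientID(String clientID) {
 * @param clientSecret the clientSecret to set
 */
 private void setClientSecret(String clientSecret) {
-this.clientSecret = clientSecret;
+this.clientSecret = Secret.fromString(clientSecret);
 }
 
 /**
@@ -286,7 +287,7 @@ public void marshal(Object source, HierarchicalStreamWriter writer,
 writer.endNode();
 
 writer.startNode("clientSecret");
-writer.setValue(realm.getClientSecret());
+writer.setValue(realm.getClientSecret().getEncryptedValue());
 writer.endNode();
 
 writer.startNode("oauthScopes");
@@ -371,7 +372,7 @@ public String getClientID() {
 /**
 * @return the clientSecret
 */
-public String getClientSecret() {
+public Secret getClientSecret() {
 return clientSecret;
 }
 
@@ -382,12 +383,6 @@ public String getOauthScopes() {
 return oauthScopes;
 }
 
-// @Override
-// public Filter createFilter(FilterConfig filterConfig) {
-//
-// return new GithubOAuthAuthenticationFilter();
-// }
-
 public HttpResponse doCommenceLogin(StaplerRequest request, @Header("Referer") final String referer)
 throws IOException {
 request.getSession().setAttribute(REFERER_ATTRIBUTE,referer);
@@ -735,7 +730,7 @@ public void onLoaded() {
 if(instance.getSecurityRealm() instanceof GithubSecurityRealm) {
 GithubSecurityRealm myRealm = (GithubSecurityRealm) instance.getSecurityRealm();
 if(myRealm.getOauthScopes() == null) {
-GithubSecurityRealm newRealm = new GithubSecurityRealm(myRealm.getGithubWebUri(), myRealm.getGithubApiUri(), myRealm.getClientID(), myRealm.getClientSecret());
+GithubSecurityRealm newRealm = new GithubSecurityRealm(myRealm.getGithubWebUri(), myRealm.getGithubApiUri(), myRealm.getClientID(), myRealm.getClientSecret().getPlainText());
 instance.setSecurityRealm(newRealm);
 instance.save();
 }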
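Review bot: Nothing in this change re-encrypts a `clientSecret` that is already stored in plaintext. `marshal()` now writes `getEncryptedValue()`, but the only automatic save visible in this file section is the one in `onLoaded()`, which is still gated on `myRealm.getOauthScopes() == null`, so an installation that already has `oauthScopes` set would presumably keep the plaintext value on disk until the security configuration is saved again. The unmarshal path is outside the diff; if it goes through `setClientSecret`, `Secret.fromString` will accept the legacy plaintext value, which is worth stating on the setter, e.g. `// accepts a legacy plaintext value; it is only written encrypted on the next save`. The bodies of `marshal()` and `onLoaded()` start and end outside their hunks.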

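--- a/src/test/java/org/jenkinsci/plugins/GithubSecurityRealmTest.java
+++ b/src/test/java/org/jenkinsci/plugins/GithubSecurityRealmTest.java
@@ -24,13 +24,14 @@ of this software and associated documentation files (the "Software"), to deal
 
 package org.jenkinsci.plugins;
 
+import hudson.util.Secret;
 import java.io.IOException;
-import junit.framework.TestCase;
+import org.jvnet.hudson.test.HudsonTestCase;
 import org.jenkinsci.plugins.GithubSecurityRealm.DescriptorImpl;
 import org.junit.runner.RunWith;
 import org.junit.Test;
 
-public class GithubSecurityRealmTest extends TestCase {
+public class GithubSecurityRealmTest extends HudsonTestCase {
 
 @Test
 public void testEquals_true() {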
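Review bot: No test covers the new behaviour: the three added lines are the `hudson.util.Secret` import, the `HudsonTestCase` import and the base-class change, so nothing asserts that the value written for the `clientSecret` node differs from the plaintext. `import hudson.util.Secret;` has no use in the visible lines. A round-trip test would pin this, for example (constructed value) `assertEquals("secret", realm.getClientSecret().getPlainText());` together with `assertFalse("secret".equals(realm.getClientSecret().getEncryptedValue()));`. The class body continues past the end of the hunk.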
