fix crumb issue with Jenkins 2.176.2+/2.186+ #70
Conversation
|
|
||
| private static String sessionIdCookie(HttpResponse input) { | ||
| return input.getHeaders().get(HttpHeaders.SET_COOKIE).stream() | ||
| .filter(c -> c.startsWith("JSESSIONID")) |
There was a problem hiding this comment.
Can we turn JSESSIONID into a static final String constant and put it somewhere that makes the most sense? Believe there is a static-variables class around here somewhere
There was a problem hiding this comment.
I found the com.cdancy.jenkins.rest.JenkinsConstants class. Is that the one you had in mind?
There was a problem hiding this comment.
done, see d0a16f2
|
Thanks @cdancy for the quick feedbacks, I will manage them soon |
|
@tbouffard sounds good and thanks! Let me know if you need any help one way or another. |
|
@tbouffard have you tested the impl yet? Are you happy with things? Any gotchas one way or another? |
|
I didn't have much time to work on this PR except to ensure that I have a correct Jenkins instance for integration tests (see #72). |
|
I have some time today to work on this. The issue I mentionned in #70 (comment) was the one seen on #75 On Jenkins 2.164.3 without fix (master commit 401f4f3) java.lang.AssertionError: expected object to not be null
at org.testng.Assert.fail(Assert.java:93)
at org.testng.Assert.assertNotNull(Assert.java:422)
at org.testng.Assert.assertNotNull(Assert.java:407)
at com.cdancy.jenkins.rest.features.CrumbIssuerApiLiveTest.testGetCrumb(CrumbIssuerApiLiveTest.java:34)2.164.3 with the fix (commit d0a16f2)
2.190.3 with the fix (commit d0a16f2)
|
|
@tbouffard let me know if you need any help here. Would be great to have this in and "just work" across the board. |
|
@cdancy I have finally figured out the cause of the failure with Jenkins 2.176.2+, see Can you run the tests on your side to ensure I didn't miss anything with my own testing? |
|
@tbouffard yes please rebase off of master and I'll run things as here as well. |
Always pass the JSESSIONID in addition to the crumb See https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626 Closes cdancy#67
My tests shown that there is no JSESSIONID in Jenkins 2.176.1 and as we cannot set cookie with null value, put an empty String in that case
This avoids passing empty cookie in requestq
Fix regression introduced by 9d991e2
tbouffard
force-pushed
the
issue_crumb_and_sessionId_with_Jenkins_2.176.2+
branch
from
5d70101 to
0fe36fb
Compare
|
Rebase done. If Travis tests pass, I will bump the jenkins version used in the Docker container to the latest one (2.190.3) |
|
@tbouffard thanks for the fix/enhancement! |
|
@tbouffard release |
|
@cdancy Great and thanks for the support. Very helpful to make this contribution complete. I hope to be quicker next time 😄 |
tbouffard
deleted the
issue_crumb_and_sessionId_with_Jenkins_2.176.2+
branch
|
@tbouffard no worries. We all have lives and day-jobs to attend to. Just happy for the contribution either way. |
Always pass the JSESSIONID in addition to the crumb
See https://jenkins.io/security/advisory/2019-07-17/#SECURITY-626
closes #67
Implementation note
I am not used to playing with AutoValue and jclouds, so don't hesitate to spot any bad practices on these areas 😸