Skip to content

Favour Secret tokens over String tokens #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mezpahlan merged 3 commits into from
Apr 30, 2019
Merged

Favour Secret tokens over String tokens #60

mezpahlan merged 3 commits into from
Apr 30, 2019

Conversation

@mezpahlan
Copy link

@mezpahlan mezpahlan commented Apr 19, 2019

Deprecates the use of String tokens as the old method stored credentials in plain text.

Note: This plugin is to be deprecated soon as the HockeyApp service is going to be closed at the end of the year. So I don't particularly mind if the implementation could be better. The whole plugin is going to be re-written anyway.

This is an alternative to #59 . I'll be happy to accept one or the other. I don't think we need both.

@mezpahlan
Copy link
Author

mezpahlan commented Apr 19, 2019

Hi @daniel-beck this is the patch for SECURITY-839 that I didn't get time to do in March. Would you mind giving it a quick review? Also @jenkinsci/code-reviewers if anyone has time.

This version uses your suggestion of simply changing over to use Secrets from String. Much simpler! I wish I had done this sooner.

@mezpahlan
Copy link
Author

mezpahlan commented Apr 29, 2019

Hi @daniel-beck any final thoughts on this before I merge it in? What would you recommend to put in the changelog on the wiki page? Just something to say users should consider their credentials compromised and to change them? Or something else? Many thanks.

@daniel-beck
Copy link
Member

daniel-beck commented Apr 29, 2019
edited
Loading

Most of the content of this patch is unnecessary. You can change the field type, and the next time this gets saved, the secret will be encrypted on disk. Change the form field type and a few getter/setter types and you should be done.

@daniel-beck
Copy link
Member

daniel-beck commented Apr 29, 2019

Just something to say users should consider their credentials compromised and to change them? Or something else?

Depends on the setup. If there are other users with local disk access, or backups that exclude secrets/ have been compromised, then perhaps. But in general, would just summarize as in the advisory and let users decide what it means for their setup. I would expect it to not actually matter for most of them.

@mezpahlan
Copy link
Author

mezpahlan commented Apr 30, 2019

Thanks, this plugin has some odd legacy use cases with default tokens that I really struggled with. If there is unnecessary stuff in the PR, at this stage, I don't mind. I want to deprecate this plugin because the service is being shutdown at the end of the year.

If anyone else wants to spend time wrestling with this code base then I'd welcome a hand but for now I'm done.

Anyways, thanks for the reviews. Appreciate it.

@mezpahlan mezpahlan merged commit 9b91ae2 into jenkinsci:master Apr 30, 2019
@mezpahlan mezpahlan deleted the bugfix/JENKINS-57005-redux branch April 30, 2019 19:21
@mezpahlan mezpahlan mentioned this pull request Apr 30, 2019
Closed
@njtman
Copy link

njtman commented May 2, 2019
edited
Loading

What does the new Jenkins pipeline API look like? We upgraded our plugin and the build is now failing. It appears apiToken changed to apiTokenSecret, but what is the appropriate format? Can you provide a sample demonstrating how one would pull a secret from the Jenkins credentials plugin and then pass it to this plugin?

@mezpahlan
Copy link
Author

mezpahlan commented May 3, 2019

@njtman If you can roll back then give that a go. Clearly I don't understand Jenkins as I thought. I thought changing the type to Secret was transparent to using a String (which does seem to be the case for Free style jobs) but not for pipelines.

I'll look into a fix over the weekend.

Apologies.

@njtman
Copy link

njtman commented May 3, 2019

@mezpahlan Thanks for the response. Yes, we did rollback and everything is running normally.

Before rolling back, we did get this to work by changing apiToken to apiTokenSecret and changing the value passed from type string to type hudson.util.Secret. This is not ideal however because we needed to globally whitelist the staticMethod hudson.util.Secret fromString java.lang.String signature and change our pipeline code to conform to the new API.

Ideally, the interface should remain the same and only the internal implementation should change. I discovered the interface change after my pipeline failed and I tried regenerating the pipeline script from the Snippet Generator -> hockeyApp: Upload to HockeyApp page on my Jenkins instance.

mezpahlan added a commit to mezpahlan/hockeyapp-plugin that referenced this pull request May 3, 2019
@mezpahlan
Revert "Favour Secret tokens over String tokens (jenkinsci#60)"
c3c512f 
This reverts commit 9b91ae2
@mezpahlan mezpahlan mentioned this pull request May 3, 2019
Merged
mezpahlan added a commit that referenced this pull request May 7, 2019
@mezpahlan
[JENKINS-57319] Pipeline fails with incorrect type (#61)
cdf63cd 
* Revert "Favour Secret tokens over String tokens (#60)"

This reverts commit 9b91ae2

* Change type of jelly ui form control to password

* Change field type of token to Secret
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mezpahlan @daniel-beck @njtman