From eddefb8dc0ea3a22e44da278b06eb838870264da Mon Sep 17 00:00:00 2001
From: Ivan Fernandez Calvo
Date: Sun, 23 Oct 2022 19:24:20 +0200
Subject: [PATCH] fix: Stapler: Missing POST/RequirePOST annotation (#277)

---
 .../plugins/saml/IdpMetadataConfiguration.java | 6 ++++++
 .../plugins/saml/SamlAdvancedConfiguration.java | 5 +++++
 .../org/jenkinsci/plugins/saml/SamlEncryptionData.java | 6 ++++++
 .../org/jenkinsci/plugins/saml/SamlSecurityRealm.java | 10 +++++++++-
 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/jenkinsci/plugins/saml/IdpMetadataConfiguration.java b/src/main/java/org/jenkinsci/plugins/saml/IdpMetadataConfiguration.java
index c6f4effa..1a713529 100644
--- a/src/main/java/org/jenkinsci/plugins/saml/IdpMetadataConfiguration.java
+++ b/src/main/java/org/jenkinsci/plugins/saml/IdpMetadataConfiguration.java
@@ -24,6 +24,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 import hudson.Extension;
 import hudson.ProxyConfiguration;
 import hudson.model.AbstractDescribableImpl;
@@ -192,6 +193,7 @@ public String getDisplayName() {
 return "";
 }
 
+ @RequirePOST
 public FormValidation doTestIdpMetadata(@QueryParameter("xml") String xml) {
 if (StringUtils.isBlank(xml)) {
 return FormValidation.error(ERROR_IDP_METADATA_EMPTY);
@@ -200,10 +202,12 @@ public FormValidation doTestIdpMetadata(@QueryParameter("xml") String xml) {
 return new SamlValidateIdPMetadata(xml).get();
 }
 
+ @RequirePOST
 public FormValidation doCheckPeriod(@QueryParameter("period") String period) {
 return SamlFormValidation.checkIntegerFormat(period);
 }
 
+ @RequirePOST
 public FormValidation doCheckXml(@QueryParameter("xml") String xml, @QueryParameter("url") String url) {
 if (StringUtils.isBlank(xml) && StringUtils.isBlank(url)) {
 return FormValidation.error(ERROR_IDP_METADATA_EMPTY);
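Review bot: The validation handlers in the @@ -192 and @@ -200 hunks (doTestIdpMetadata, doCheckPeriod, doCheckXml) gain `@RequirePOST` but no permission check appears next to it, and each body continues past the hunk. Jenkins' guidance for doCheck*/doTest* handlers is `org.kohsuke.stapler.verb.POST` rather than `@RequirePOST`, because `@RequirePOST` answers a GET with a page asking the user to resubmit as POST, which a form-validation AJAX call cannot use, and the handler should start with an explicit authorization check such as `Jenkins.get().checkPermission(Jenkins.ADMINISTER);` since the POST requirement only addresses CSRF, not who may call the endpoint. The annotation also only works if the matching jelly fields send validation with `checkMethod="post"`; the views are not part of this patch, so verify them. The same applies to the doCheck*/doTest* hunks in SamlAdvancedConfiguration, SamlEncryptionData and the SamlSecurityRealm descriptor below.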
@@ -212,6 +216,7 @@ public FormValidation doCheckXml(@QueryParameter("xml") String xml, @QueryParame
 return FormValidation.ok();
 }
 
+ @RequirePOST
 public FormValidation doCheckUrl(@QueryParameter("url") String url) {
 if (StringUtils.isEmpty(url)) {
 return FormValidation.ok();
@@ -224,6 +229,7 @@ public FormValidation doCheckUrl(@QueryParameter("url") String url) {
 return FormValidation.ok();
 }
 
+ @RequirePOST
 public FormValidation doTestIdpMetadataURL(@QueryParameter("url") String url) {
 URLConnection urlConnection;
 try {
diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlAdvancedConfiguration.java b/src/main/java/org/jenkinsci/plugins/saml/SamlAdvancedConfiguration.java
index 1536521f..84bb3c39 100644
--- a/src/main/java/org/jenkinsci/plugins/saml/SamlAdvancedConfiguration.java
+++ b/src/main/java/org/jenkinsci/plugins/saml/SamlAdvancedConfiguration.java
@@ -21,6 +21,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 import hudson.Extension;
 import hudson.Util;
 import hudson.model.AbstractDescribableImpl;
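Review bot: doTestIdpMetadataURL (@@ -224) opens a `URLConnection` to the caller-supplied `url`, so of all the handlers in this patch it is the one where an authorization check matters most: without one, any user who can reach the descriptor can have the controller connect to a URL of their choosing, and `@RequirePOST` only changes how the request must be sent, not who may send it. No permission check is visible in the hunk and the body continues past it; if there is none, add `Jenkins.get().checkPermission(Jenkins.ADMINISTER);` before `URLConnection urlConnection;`. doCheckUrl in the @@ -212 hunk also takes a url parameter and deserves the same check if its body (outside the hunk) does anything beyond format validation.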
@@ -103,19 +104,23 @@ public String getDisplayName() {
 }
 
+ @RequirePOST
 public FormValidation doCheckAuthnContextClassRef(@org.kohsuke.stapler.QueryParameter String authnContextClassRef) {
 return SamlFormValidation.checkStringFormat(authnContextClassRef);
 }
 
+ @RequirePOST
 public FormValidation doCheckSpEntityId(@org.kohsuke.stapler.QueryParameter String spEntityId) {
 return SamlFormValidation.checkStringFormat(spEntityId);
 }
 
+ @RequirePOST
 public FormValidation doCheckNameIdPolicyFormat(@org.kohsuke.stapler.QueryParameter String nameIdPolicyFormat) {
 return SamlFormValidation.checkStringFormat(nameIdPolicyFormat);
 }
 
+ @RequirePOST
 public FormValidation doCheckMaximumSessionLifetime(@org.kohsuke.stapler.QueryParameter String maximumSessionLifetime) {
 if (StringUtils.isEmpty(maximumSessionLifetime)) {
 return hudson.util.FormValidation.ok();
diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlEncryptionData.java b/src/main/java/org/jenkinsci/plugins/saml/SamlEncryptionData.java
index 6309eb45..7dfece4f 100644
--- a/src/main/java/org/jenkinsci/plugins/saml/SamlEncryptionData.java
+++ b/src/main/java/org/jenkinsci/plugins/saml/SamlEncryptionData.java
@@ -32,6 +32,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 import hudson.Extension;
 import hudson.Util;
 import hudson.model.AbstractDescribableImpl;
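Review bot: All four signatures in this hunk spell out `@org.kohsuke.stapler.QueryParameter` while the patch is already touching this file's import block to add `RequirePOST` from the neighbouring package; adding `import org.kohsuke.stapler.QueryParameter;` and shortening the annotations would match IdpMetadataConfiguration and SamlEncryptionData, which import it. The same inconsistency shows in `return hudson.util.FormValidation.ok();` next to a `FormValidation` return type that is evidently imported. The body of doCheckMaximumSessionLifetime ends outside the hunk, and the old-line count of this hunk (19) is two more than the lines shown, so some line of it did not survive extraction.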
@@ -148,22 +149,27 @@ public String getDisplayName() {
 return "Encryption Configuration";
 }
 
+ @RequirePOST
 public FormValidation doCheckKeystorePath(@QueryParameter String keystorePath) {
 return SamlFormValidation.checkStringAttributeFormat(keystorePath, WARN_KEYSTORE_NOT_SET, true);
 }
 
+ @RequirePOST
 public FormValidation doCheckPrivateKeyAlias(@QueryParameter String privateKeyAlias) {
 return SamlFormValidation.checkStringAttributeFormat(privateKeyAlias, WARN_PRIVATE_KEY_ALIAS_NOT_SET, true);
 }
 
+ @RequirePOST
 public FormValidation doCheckKeystorePassword(@QueryParameter String keystorePassword) {
 return SamlFormValidation.checkStringAttributeFormat(keystorePassword, WARN_PRIVATE_KEYSTORE_PASS_NOT_SET, true);
 }
 
+ @RequirePOST
 public FormValidation doCheckPrivateKeyPassword(@QueryParameter String privateKeyPassword) {
 return SamlFormValidation.checkStringAttributeFormat(privateKeyPassword, WARN_PRIVATE_KEY_PASS_NOT_SET, true);
 }
 
+ @RequirePOST
 public FormValidation doTestKeyStore(@QueryParameter("keystorePath") String keystorePath,
 @QueryParameter("keystorePassword") Secret keystorePassword,
 @QueryParameter("privateKeyPassword") Secret privateKeyPassword,
diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java
index c26b91ed..2d1687cf 100644
--- a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java
@@ -52,7 +52,6 @@
 import org.pac4j.core.exception.http.SeeOtherAction;
 import org.springframework.dao.DataAccessException;
 import org.pac4j.saml.profile.SAML2Profile;
-import org.springframework.dao.DataAccessException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
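Review bot: doCheckKeystorePassword and doCheckPrivateKeyPassword bind the password fields as `String`, while doTestKeyStore in the same hunk binds the same two fields as `Secret`; if the form sends these as password fields, the doCheck handlers receive whatever encoded form the browser submits and `checkStringAttributeFormat` only sees that string, so the two validation paths are not checking the same value. Declaring them `@QueryParameter Secret keystorePassword` / `@QueryParameter Secret privateKeyPassword`, as doTestKeyStore already does, keeps the handling consistent, and `Secret` is already in scope here. Moving these handlers to POST is the right direction for secret-bearing parameters, since the values no longer have to travel in the URL; the doTestKeyStore signature and body continue past the hunk. The @@ -52 hunk only drops a duplicate import.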
@@ -252,6 +251,7 @@ public String getLoginUrl() {
 * @return the http response.
 */
 @SuppressWarnings("unused")
+ @RequirePOST
 public HttpResponse doCommenceLogin(final StaplerRequest request, final StaplerResponse response, @QueryParameter String from, @Header("Referer") final String referer) {
 LOG.fine("SamlSecurityRealm.doCommenceLogin called. Using consumerServiceUrl " + getSamlPluginConfig().getConsumerServiceUrl());
@@ -596,6 +596,7 @@ static String getSPMetadataFilePath() {
 * @return the http response.
 */
 @SuppressWarnings("unused")
+ @RequirePOST
 public HttpResponse doMetadata(StaplerRequest request, StaplerResponse response) {
 return new SamlSPMetadataWrapper(getSamlPluginConfig(), request, response).get();
 }
@@ -618,6 +619,7 @@ protected String getPostLogOutUrl(StaplerRequest req, @Nonnull Authentication au
 }
 
 @Override
+ @RequirePOST
 public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, javax.servlet.ServletException {
 super.doLogout(req, rsp);
 LOG.log(Level.FINEST, "Here we could do the SAML Single Logout");
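Review bot: `@RequirePOST` on doCommenceLogin is likely to break interactive login: the hunk header places it right after `getLoginUrl()`, and as far as I can tell Jenkins core reaches the security realm's login URL through a plain link and through redirects of anonymous users, i.e. with GET, which would now receive Stapler's "resubmit as POST" page instead of the SAML redirect. The same question applies to doMetadata (@@ -596), whose SP metadata is conventionally fetched by the IdP with GET, and to doLogout (@@ -618), which overrides `SecurityRealm.doLogout` and is reached however the core logout link reaches it, so the core baseline decides whether POST is acceptable there. If these annotations were added to satisfy a Stapler scan, the login and metadata handlers produce a redirect or a response without changing state, and a short comment explaining the exemption, e.g. `// Reached by GET: target of getLoginUrl() and of the IdP's metadata fetch`, is the better fix than requiring POST. doCommenceLogin's body continues past the hunk.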
@@ -680,26 +682,32 @@ public String getDisplayName() {
 return "SAML 2.0";
 }
 
+ @RequirePOST
 public FormValidation doCheckLogoutUrl(@QueryParameter String logoutUrl) {
 return SamlFormValidation.checkUrlFormat(logoutUrl);
 }
 
+ @RequirePOST
 public FormValidation doCheckDisplayNameAttributeName(@QueryParameter String displayNameAttributeName) {
 return SamlFormValidation.checkStringFormat(displayNameAttributeName);
 }
 
+ @RequirePOST
 public FormValidation doCheckGroupsAttributeName(@QueryParameter String groupsAttributeName) {
 return SamlFormValidation.checkStringAttributeFormat(groupsAttributeName, SamlSecurityRealm.WARN_RECOMMENDED_TO_SET_THE_GROUPS_ATTRIBUTE, true);
 }
 
+ @RequirePOST
 public FormValidation doCheckUsernameAttributeName(@QueryParameter String usernameAttributeName) {
 return SamlFormValidation.checkStringAttributeFormat(usernameAttributeName, SamlSecurityRealm.WARN_RECOMMENDED_TO_SET_THE_USERNAME_ATTRIBUTE, true);
 }
 
+ @RequirePOST
 public FormValidation doCheckEmailAttributeName(@QueryParameter String emailAttributeName) {
 return SamlFormValidation.checkStringAttributeFormat(emailAttributeName, SamlSecurityRealm.WARN_RECOMMENDED_TO_SET_THE_EMAIL_ATTRIBUTE, true);
 }
 
+ @RequirePOST
 public FormValidation doCheckMaximumAuthenticationLifetime(@QueryParameter String maximumAuthenticationLifetime) {
 return SamlFormValidation.checkIntegerFormat(maximumAuthenticationLifetime);
 }