Package jenkins.security

Class ApiTokenProperty.DescriptorImpl

    • Constructor Detail

      • DescriptorImpl

        public DescriptorImpl()

    • Method Detail

      • getDisplayName

        @NonNull
public String getDisplayName()
        Description copied from class: Descriptor
        Human readable name of this kind of configurable object. Should be overridden for most descriptors, if the display name is visible somehow. As a fallback it uses Class.getSimpleName() on Descriptor.clazz, so for example MyThing from some.pkg.MyThing.DescriptorImpl. Historically some implementations returned null as a way of hiding the descriptor from the UI, but this is generally managed by an explicit method such as isEnabled or isApplicable.
        Overrides:
        getDisplayName in class Descriptor<UserProperty>

      • getNoLegacyToken

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public String getNoLegacyToken()

      • newInstance

        public ApiTokenProperty newInstance​(User user)
        New approach: API Token are generated only when a user request a new one. The value is randomly generated without any link to the user and only displayed to him the first time. We only store the hash for future comparisons. Legacy approach: When we are creating a default ApiTokenProperty for User, we need to make sure it yields the same value for the same user, because there's no guarantee that the property is saved. But we also need to make sure that an attacker won't be able to guess the initial API token value. So we take the seed by hashing the secret + user ID.
        Specified by:
        newInstance in class UserPropertyDescriptor
        Returns:
        null if the implementation choose not to add any property object for such user.

      • isStatisticsEnabled

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean isStatisticsEnabled()

      • mustDisplayLegacyApiToken

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean mustDisplayLegacyApiToken​(User propertyOwner)

      • hasCurrentUserRightToGenerateNewToken

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean hasCurrentUserRightToGenerateNewToken​(User propertyOwner)

      • doGenerateNewToken

        public org.kohsuke.stapler.HttpResponse doGenerateNewToken​(@AncestorInPath
                                                           User u,
                                                           @QueryParameter
                                                           String newTokenName)
                                                    throws IOException
        Throws:
        IOException

      • doAddFixedToken

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public org.kohsuke.stapler.HttpResponse doAddFixedToken​(@AncestorInPath
                                                        User u,
                                                        @QueryParameter
                                                        String newTokenName,
                                                        @QueryParameter
                                                        String newTokenPlainValue)
                                                 throws IOException
        This method is dangerous and should not be used without caution. The token passed here could have been tracked by different network system during its trip. It is recommended to revoke this token after the generation of a new one.
        Throws:
        IOException

      • doRename

        public org.kohsuke.stapler.HttpResponse doRename​(@AncestorInPath
                                                 User u,
                                                 @QueryParameter
                                                 String tokenUuid,
                                                 @QueryParameter
                                                 String newName)
                                          throws IOException
        Throws:
        IOException

      • doRevoke

        public org.kohsuke.stapler.HttpResponse doRevoke​(@AncestorInPath
                                                 User u,
                                                 @QueryParameter
                                                 String tokenUuid)
                                          throws IOException
        Throws:
        IOException

      • doRevokeAll

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public org.kohsuke.stapler.HttpResponse doRevokeAll​(@AncestorInPath
                                                    User u)
                                             throws IOException
        Throws:
        IOException

      • doRevokeAllExcept

        @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public org.kohsuke.stapler.HttpResponse doRevokeAllExcept​(@AncestorInPath
                                                          User u,
                                                          @QueryParameter
                                                          String tokenUuid)
                                                   throws IOException
        Throws:
        IOException