Package jenkins.security
Class ApiTokenProperty
- java.lang.Object
-
- hudson.model.UserProperty
-
- jenkins.security.ApiTokenProperty
-
- All Implemented Interfaces:
ExtensionPoint,Describable<UserProperty>,ReconfigurableDescribable<UserProperty>
public class ApiTokenProperty extends UserProperty
Remembers the API token for this user, that can be used like a password to login.- Since:
- 1.426
- Author:
- Kohsuke Kawaguchi
- See Also:
ApiTokenFilter
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classApiTokenProperty.DescriptorImplstatic classApiTokenProperty.TokenInfoAndStats-
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
-
Field Summary
Fields Modifier and Type Field Description static HMACConfidentialKeyAPI_KEY_SEEDDeprecated.only used for the migration of previous data-
Fields inherited from class hudson.model.UserProperty
user
-
-
Constructor Summary
Constructors Constructor Description ApiTokenProperty()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description StringaddFixedNewToken(String name, String tokenPlainValue)voidchangeApiToken()Deprecated.Each token can be revoked now and new tokens can be requested without altering existing ones.voiddeleteApiToken()Does not revoke the token stored in the storeTokenUuidAndPlainValuegenerateNewToken(String name)StringgetApiToken()Gets the API token.Collection<ApiTokenProperty.TokenInfoAndStats>getTokenList()ApiTokenStatsgetTokenStats()ApiTokenStoregetTokenStore()booleanhasLegacyToken()Determine if the legacy token is still presentbooleanmatchesPassword(String token)UserPropertyreconfigure(org.kohsuke.stapler.StaplerRequest req, net.sf.json.JSONObject form)Allow user to rename tokensvoidrevokeAllTokens()voidrevokeAllTokensExceptOne(String tokenUuid)voidrevokeToken(String tokenUuid)protected voidsetUser(User u)-
Methods inherited from class hudson.model.UserProperty
all, getDescriptor
-
-
-
-
Field Detail
-
API_KEY_SEED
@Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final HMACConfidentialKey API_KEY_SEED
Deprecated.only used for the migration of previous dataWe don't want an API key that's too long, so cut the length to 16 (which produces 32-letter MAC code in hexdump)
-
-
Method Detail
-
setUser
protected void setUser(User u)
- Overrides:
setUserin classUserProperty
-
getApiToken
@NonNull public String getApiToken()
Gets the API token. The method performs security checks since 1.638. Only the current user and SYSTEM may see it. Users withJenkins.ADMINISTERmay be allowed to do it usingSHOW_LEGACY_TOKEN_TO_ADMINS.- Returns:
- API Token. Never null, but may be
Messages.ApiTokenProperty_ChangeToken_TokenIsHidden()if the user has no appropriate permissions. - Since:
- 1.426, and since 1.638 the method performs security checks
-
hasLegacyToken
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasLegacyToken()
Determine if the legacy token is still present
-
matchesPassword
public boolean matchesPassword(String token)
-
getTokenList
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public Collection<ApiTokenProperty.TokenInfoAndStats> getTokenList()
-
reconfigure
public UserProperty reconfigure(org.kohsuke.stapler.StaplerRequest req, @CheckForNull net.sf.json.JSONObject form) throws Descriptor.FormException
Allow user to rename tokens- Specified by:
reconfigurein interfaceReconfigurableDescribable<UserProperty>- Overrides:
reconfigurein classUserProperty- Parameters:
req- The current HTTP request being processed.form- JSON fragment that corresponds to this describable object. If the newly submitted form doesn't include a fragment for this describable (meaning the user has de-selected your descriptor), then this argument is null.- Returns:
- The new instance. To not to create an instance of a describable, return null.
- Throws:
Descriptor.FormException
-
changeApiToken
@Deprecated public void changeApiToken() throws IOException
Deprecated.Each token can be revoked now and new tokens can be requested without altering existing ones.Only usable if the user still has the legacy API token.- Throws:
IOException
-
deleteApiToken
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public void deleteApiToken()
Does not revoke the token stored in the store
-
getTokenStore
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public ApiTokenStore getTokenStore()
-
getTokenStats
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public ApiTokenStats getTokenStats()
-
addFixedNewToken
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) @NonNull public String addFixedNewToken(@NonNull String name, @NonNull String tokenPlainValue) throws IOException
- Throws:
IOException
-
generateNewToken
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) @NonNull public TokenUuidAndPlainValue generateNewToken(@NonNull String name) throws IOException
- Throws:
IOException
-
revokeAllTokens
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) public void revokeAllTokens() throws IOException- Throws:
IOException
-
revokeAllTokensExceptOne
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) public void revokeAllTokensExceptOne(@NonNull String tokenUuid) throws IOException- Throws:
IOException
-
revokeToken
@Restricted(org.kohsuke.accmod.restrictions.Beta.class) public void revokeToken(@NonNull String tokenUuid) throws IOException- Throws:
IOException
-
-