Comparing changes

base repository: jenkinsci/oic-auth-plugin
base: 3fec21b2800259aa21cdb20d3ff1ff85752d4c2c
head repository: jenkinsci/oic-auth-plugin
compare: b6041debdf30ee4b90e1d0fd8303ed90fffc172f
Showing with 2 additions and 5 deletions.
  1. +1 −3 src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
  2. +1 −2 src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
@@ -1073,8 +1073,7 @@ private String buildOAuthRedirectUrl() throws NullPointerException {
* @param request The user's request
* @throws ParseException if the JWT (or other response) could not be parsed.
*/
public void doFinishLogin(StaplerRequest request, StaplerResponse response)
throws IOException, ParseException {
public void doFinishLogin(StaplerRequest request, StaplerResponse response) throws IOException, ParseException {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If OicSecurityRealm#doFinishLogin connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in OicSecurityRealm#doFinishLogin
OidcClient client = buildOidcClient();

WebContext webContext = JEEContextFactory.INSTANCE.newContext(request, response);
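
Review bot: The reformatted `doFinishLogin` signature still carries two Jenkins Security Scan warnings (missing `@POST`/`@RequirePOST`, missing permission check), and nothing in the code answers them. If this method has to be reachable by GET before the user is authenticated in order to complete the login, say so in the Javadoc or in a comment on the method, and state what protects the request instead, so the warnings become a recorded decision rather than open findings. While the signature line is being touched, the Javadoc above it documents `request` and `ParseException` but has no `@param response` or `@throws IOException`; add both.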
@@ -1358,5 +1357,4 @@ public Descriptor<OicServerConfiguration> getDefaultServerConfigurationType() {
return Jenkins.get().getDescriptor(OicServerWellKnownConfiguration.class);
}
}

}
3 changes: 1 addition & 2 deletions src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
@@ -247,8 +247,7 @@ public Descriptor<SecurityRealm> getDescriptor() {
}

@Override
public void doFinishLogin(StaplerRequest request, StaplerResponse response)
throws IOException, ParseException {
public void doFinishLogin(StaplerRequest request, StaplerResponse response) throws IOException, ParseException {
/*
* PluginTest uses a hardCoded nonce "nonce"
*/
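
Review bot: The block comment at the top of the `doFinishLogin` override says only that PluginTest uses a hard-coded nonce "nonce". It does not say what the override does with that value or how its behaviour differs from `OicSecurityRealm#doFinishLogin`. A fixed nonce removes the replay protection the nonce exists to provide, so spell out in this comment that the shortcut is test-only and why the test needs it, and keep the value in a named test constant rather than a bare string literal.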