Merge branch 'security' into security-stable-1.580

Conflicts: test/src/test/java/hudson/model/UserTest.java

Merge branch 'security' into security-stable-1.580
Conflicts: test/src/test/java/hudson/model/UserTest.java
17800410 · Jesse Glick · 45c23d33 · f58ba6e7 · 17800410 · 17800410
4 changed file
--- a/core/src/main/java/hudson/util/FormValidation.java
+++ b/core/src/main/java/hudson/util/FormValidation.java
@@ -196,7 +196,7 @@ public abstract class FormValidation extends IOException implements HttpResponse
            " <a href='#' class='showDetails'>"
            + Messages.FormValidation_Error_Details()
            + "</a><pre style='display:none'>"
-            + Functions.printThrowable(e) +
+            + Util.escape(Functions.printThrowable(e)) +
            "</pre>",kind
        );
    }

--- a/core/src/main/java/jenkins/security/ApiTokenProperty.java
+++ b/core/src/main/java/jenkins/security/ApiTokenProperty.java
@@ -81,6 +81,7 @@ public class ApiTokenProperty extends UserProperty {
    }

    public void changeApiToken() throws IOException {
+        user.checkPermission(Jenkins.ADMINISTER);
        _changeApiToken();
        if (user!=null)
            user.save();

--- a/core/src/test/java/hudson/util/FormValidationTest.java
+++ b/core/src/test/java/hudson/util/FormValidationTest.java
@@ -23,6 +23,10 @@
 */
 package hudson.util;

+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.MatcherAssert.assertThat;
+
 import junit.framework.TestCase;

 /**
@@ -51,4 +55,9 @@ public class FormValidationTest extends TestCase {
    public void testMessage() {
        assertEquals("test msg", FormValidation.errorWithMarkup("test msg").getMessage());
    }
+
+    public void testFormValidationException() {
+        FormValidation fv = FormValidation.error(new Exception("<html"), "Message<html");
+        assertThat(fv.renderHtml(), not(containsString("<html")));
+    }
 }
--- a/test/src/test/java/hudson/model/UserTest.java
+++ b/test/src/test/java/hudson/model/UserTest.java
@@ -28,12 +28,14 @@ import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebAssert;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
+
 import hudson.security.AccessDeniedException2;
 import hudson.security.GlobalMatrixAuthorizationStrategy;
 import hudson.security.HudsonPrivateSecurityRealm;
 import hudson.security.Permission;
 import hudson.tasks.MailAddressResolver;
 import java.io.File;
+
 import java.io.IOException;
 import java.io.PrintStream;
 import java.util.Arrays;
@@ -41,11 +43,16 @@ import java.util.Collections;

 import jenkins.model.IdStrategy;
 import jenkins.model.Jenkins;
+import jenkins.security.ApiTokenProperty;
+
+import org.acegisecurity.AccessDeniedException;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.context.SecurityContext;
 import org.acegisecurity.context.SecurityContextHolder;
+
 import static org.junit.Assert.*;
 import static org.junit.Assume.*;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.Bug;
@@ -498,6 +505,42 @@ public class UserTest {
        assertTrue("But once storage is allocated, he can be deleted", user3.canDelete());
    }

+    @Test
+    // @Issue("SECURITY-180")
+    public void security180() throws Exception {
+        final GlobalMatrixAuthorizationStrategy auth = new GlobalMatrixAuthorizationStrategy();
+        j.jenkins.setAuthorizationStrategy(auth);
+        j.jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false));
+
+        User alice = User.get("alice");
+        User bob = User.get("bob");
+        User anonymous = User.get("anonymous");
+        User admin = User.get("admin");
+
+        auth.add(Jenkins.READ, alice.getId());
+        auth.add(Jenkins.READ, bob.getId());
+        auth.add(Jenkins.ADMINISTER, admin.getId());
+
+        SecurityContextHolder.getContext().setAuthentication(admin.impersonate());
+        // Change token by admin
+        admin.getProperty(ApiTokenProperty.class).changeApiToken();
+        alice.getProperty(ApiTokenProperty.class).changeApiToken();
+
+        SecurityContextHolder.getContext().setAuthentication(bob.impersonate());
+        // Change own token
+        bob.getProperty(ApiTokenProperty.class).changeApiToken();
+
+        try {
+            alice.getProperty(ApiTokenProperty.class).changeApiToken();
+            fail("Bob should not be authorized to change alice's token");
+        } catch (AccessDeniedException expected) { }
+
+        try {
+            anonymous.getProperty(ApiTokenProperty.class).changeApiToken();
+            fail("Anonymous should not be authorized to change alice's token");
+        } catch (AccessDeniedException expected) { }
+    }
+
     public static class SomeUserProperty extends UserProperty {
         
        @TestExtension