Package jenkins.security

Class ApiTokenProperty

java.lang.Object
hudson.model.UserProperty
jenkins.security.ApiTokenProperty
All Implemented Interfaces:
ExtensionPoint, Describable<UserProperty>, ReconfigurableDescribable<UserProperty>
public class ApiTokenProperty extends UserProperty
Remembers the API token for this user, that can be used like a password to login.
Since:
1.426
Author:
Kohsuke Kawaguchi
See Also:

  • Field Details

    • API_KEY_SEED

      @Deprecated @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static final HMACConfidentialKey API_KEY_SEED
      Deprecated.
      only used for the migration of previous data
      We don't want an API key that's too long, so cut the length to 16 (which produces 32-letter MAC code in hexdump)

  • Constructor Details

    • ApiTokenProperty

      @DataBoundConstructor public ApiTokenProperty()

  • Method Details

    • setUser

      protected void setUser(User u)
      Description copied from class: UserProperty
      This method is used to inform the property about its owner. It could be called multiple times, even without change, thus it should be idempotent.
      Overrides:
      setUser in class UserProperty

    • getApiToken

      @NonNull public String getApiToken()
      Gets the API token. The method performs security checks since 1.638. Only the current user and SYSTEM may see it. Users with Jenkins.ADMINISTER may be allowed to do it using SHOW_LEGACY_TOKEN_TO_ADMINS.
      Returns:
      API Token. Never null, but may be Messages.ApiTokenProperty_ChangeToken_TokenIsHidden() if the user has no appropriate permissions.
      Since:
      1.426, and since 1.638 the method performs security checks

    • hasLegacyToken

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasLegacyToken()
      Determine if the legacy token is still present

    • matchesPassword

      public boolean matchesPassword(String token)

    • getTokenList

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public Collection<ApiTokenProperty.TokenInfoAndStats> getTokenList()

    • reconfigure

      public UserProperty reconfigure(org.kohsuke.stapler.StaplerRequest req, @CheckForNull net.sf.json.JSONObject form) throws Descriptor.FormException
      Allow user to rename tokens
      Specified by:
      reconfigure in interface ReconfigurableDescribable<UserProperty>
      Overrides:
      reconfigure in class UserProperty
      Parameters:
      req - The current HTTP request being processed.
      form - JSON fragment that corresponds to this describable object. If the newly submitted form doesn't include a fragment for this describable (meaning the user has de-selected your descriptor), then this argument is null.
      Returns:
      The new instance. To not to create an instance of a describable, return null.
      Throws:
      Descriptor.FormException

    • changeApiToken

      @Deprecated public void changeApiToken() throws IOException
      Deprecated.
      Each token can be revoked now and new tokens can be requested without altering existing ones.
      Only usable if the user still has the legacy API token.
      Throws:
      IOException

    • deleteApiToken

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public void deleteApiToken()
      Does not revoke the token stored in the store

    • getTokenStore

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public ApiTokenStore getTokenStore()

    • getTokenStats

      @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public ApiTokenStats getTokenStats()

    • addFixedNewToken

      @Restricted(org.kohsuke.accmod.restrictions.Beta.class) @NonNull public String addFixedNewToken(@NonNull String name, @NonNull String tokenPlainValue) throws IOException
      Throws:
      IOException

    • generateNewToken

      @Restricted(org.kohsuke.accmod.restrictions.Beta.class) @NonNull public TokenUuidAndPlainValue generateNewToken(@NonNull String name) throws IOException
      Throws:
      IOException

    • revokeAllTokens

      @Restricted(org.kohsuke.accmod.restrictions.Beta.class) public void revokeAllTokens() throws IOException
      Throws:
      IOException

    • revokeAllTokensExceptOne

      @Restricted(org.kohsuke.accmod.restrictions.Beta.class) public void revokeAllTokensExceptOne(@NonNull String tokenUuid) throws IOException
      Throws:
      IOException

    • revokeToken

      @Restricted(org.kohsuke.accmod.restrictions.Beta.class) public void revokeToken(@NonNull String tokenUuid) throws IOException
      Throws:
      IOException