jenkins.security

Class ApiTokenProperty

java.lang.Object

hudson.model.UserProperty

jenkins.security.ApiTokenProperty

All Implemented Interfaces:

ExtensionPoint, Describable<UserProperty>, ReconfigurableDescribable<UserProperty>

public class ApiTokenProperty
extends UserProperty

Remembers the API token for this user, that can be used like a password to login.

Since:

1.426

Author:

Kohsuke Kawaguchi

See Also:

ApiTokenFilter

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ApiTokenProperty.DescriptorImpl
static class	ApiTokenProperty.TokenInfoAndStats

Nested classes/interfaces inherited from interface hudson.ExtensionPoint

ExtensionPoint.LegacyInstancesAreScopedToHudson

Field Summary

Fields

Modifier and Type	Field and Description
static HMACConfidentialKey	API_KEY_SEED Deprecated. only used for the migration of previous data

Fields inherited from class hudson.model.UserProperty

user

Constructor Summary

Constructors

Constructor and Description
ApiTokenProperty()

Method Summary

Modifier and Type	Method and Description
String	addFixedNewToken(String name, String tokenPlainValue)
void	changeApiToken() Deprecated. Each token can be revoked now and new tokens can be requested without altering existing ones.
void	deleteApiToken() Does not revoke the token stored in the store
TokenUuidAndPlainValue	generateNewToken(String name)
String	getApiToken() Gets the API token.
Collection<ApiTokenProperty.TokenInfoAndStats>	getTokenList()
ApiTokenStats	getTokenStats()
ApiTokenStore	getTokenStore()
boolean	hasLegacyToken() Determine if the legacy token is still present
boolean	matchesPassword(String token)
UserProperty	reconfigure(org.kohsuke.stapler.StaplerRequest req, net.sf.json.JSONObject form) Allow user to rename tokens
void	revokeAllTokens()
void	revokeAllTokensExceptOne(String tokenUuid)
void	revokeToken(String tokenUuid)
protected void	setUser(User u)

Methods inherited from class hudson.model.UserProperty

all, getDescriptor

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

API_KEY_SEED

@Deprecated
 @Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public static final HMACConfidentialKey API_KEY_SEED

Deprecated. only used for the migration of previous data

We don't want an API key that's too long, so cut the length to 16 (which produces 32-letter MAC code in hexdump)

Constructor Detail

ApiTokenProperty

@DataBoundConstructor
public ApiTokenProperty()

Method Detail

setUser

protected void setUser(User u)

Overrides:

setUser in class UserProperty

getApiToken

@NonNull
public String getApiToken()

Gets the API token. The method performs security checks since 1.638. Only the current user and SYSTEM may see it. Users with Jenkins.ADMINISTER may be allowed to do it using SHOW_LEGACY_TOKEN_TO_ADMINS.

Returns:

API Token. Never null, but may be Messages.ApiTokenProperty_ChangeToken_TokenIsHidden() if the user has no appropriate permissions.

Since:

1.426, and since 1.638 the method performs security checks

hasLegacyToken

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public boolean hasLegacyToken()

Determine if the legacy token is still present

matchesPassword

public boolean matchesPassword(String token)

getTokenList

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public Collection<ApiTokenProperty.TokenInfoAndStats> getTokenList()

reconfigure

public UserProperty reconfigure(org.kohsuke.stapler.StaplerRequest req,
                                @CheckForNull
                                net.sf.json.JSONObject form)
                         throws Descriptor.FormException

Allow user to rename tokens

Specified by:

reconfigure in interface ReconfigurableDescribable<UserProperty>

Overrides:

reconfigure in class UserProperty

Parameters:

req - The current HTTP request being processed.

form - JSON fragment that corresponds to this describable object. If the newly submitted form doesn't include a fragment for this describable (meaning the user has de-selected your descriptor), then this argument is null.

Returns:

The new instance. To not to create an instance of a describable, return null.

Throws:

Descriptor.FormException

changeApiToken

@Deprecated
public void changeApiToken()
                                throws IOException

Deprecated. Each token can be revoked now and new tokens can be requested without altering existing ones.

Only usable if the user still has the legacy API token.

Throws:

IOException

deleteApiToken

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public void deleteApiToken()

Does not revoke the token stored in the store

getTokenStore

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public ApiTokenStore getTokenStore()

getTokenStats

@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class)
public ApiTokenStats getTokenStats()

addFixedNewToken

@Restricted(value=org.kohsuke.accmod.restrictions.Beta.class)
 @NonNull
public String addFixedNewToken(@NonNull
                                                                                                       String name,
                                                                                                       @NonNull
                                                                                                       String tokenPlainValue)
                                                                                                throws IOException

Throws:

IOException

generateNewToken

@Restricted(value=org.kohsuke.accmod.restrictions.Beta.class)
 @NonNull
public TokenUuidAndPlainValue generateNewToken(@NonNull
                                                                                                                       String name)
                                                                                                                throws IOException

Throws:

IOException

revokeAllTokens

@Restricted(value=org.kohsuke.accmod.restrictions.Beta.class)
public void revokeAllTokens()
                                                                                   throws IOException

Throws:

IOException

revokeAllTokensExceptOne

@Restricted(value=org.kohsuke.accmod.restrictions.Beta.class)
public void revokeAllTokensExceptOne(@NonNull
                                                                                                   String tokenUuid)
                                                                                            throws IOException

Throws:

IOException

revokeToken

@Restricted(value=org.kohsuke.accmod.restrictions.Beta.class)
public void revokeToken(@NonNull
                                                                                      String tokenUuid)
                                                                               throws IOException

Throws:

IOException