[JENKINS-22474] API Token does not require CSRF token (#3129)
* [JENKINS-22474] API Token does not require CSRF token
  - in order to ease the use of the api, we are not requiring the request to have a crumb
  - in terms of security it's not a problem normally since the CSRF attacks use the cookies and in case of API Token, it's session-less / cookie-less
* - adjust the license header
* - add test for basic authentication
  - add test for login process
* - add test for form submission using ui (htmlunit), not just login form
* - modification requested by Jesse
* - pom.xml update to use the last version of jenkins-test-harness (with the token helper methods)
  - beginning of the simplification of tests
* - using the try-with-resource approach to ease readability
* - using closure method now
* - add missing login transformation
* - add unit test
* - use withToken
  - remove useless crumb for GET method
  - add fail (otherwise the assert in catch is not as useful as it could be)
* another bunch of test cases
* - for HudsonTestCase, some additional modifications are required: changing the view / different type of management for the variable inside the views
* - small other tests
* - last batch for the login method
* - crumb is no longer required since we are using API Token
* - converting auth to ApiToken to avoid crumb method
* - converting auth to ApiToken to avoid crumb method (second)
* - remove usage of closure aware methods
* - update the pom using the snapshot as advised by Jesse
  - modifications on other class to adapt to the last modifications in JTH
* - modifications requested during code review
* - also put back my changes to the conflicted file
* - correction of the merge :)