blueocean-plugin/blueocean-git-pipeline/src/main/java/io/jenkins/blueocean/ssh/UserPublicKeyRoute.java at f0cb7611edbc62b7782e1f679828f6bb18802bd3 · alecharp/blueocean-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
package io.jenkins.blueocean.ssh;

import hudson.Extension;
import hudson.model.User;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.commons.stapler.TreeResponse;
import io.jenkins.blueocean.rest.UserRoute;
import io.jenkins.blueocean.rest.model.BlueUser;
import org.apache.commons.lang3.StringUtils;
import org.kohsuke.stapler.WebMethod;
import org.kohsuke.stapler.verb.DELETE;
import org.kohsuke.stapler.verb.GET;

/**
 * Route to handle user personal Jenkins-managed key requests
 */
@Extension
public class UserPublicKeyRoute implements UserRoute {
    @Override
    public String getUrlName() {
        return "publickey";
    }

    @Override
    public Object get(BlueUser user) {
        return new Handler(user);
    }

    public static class Handler {
        final BlueUser user;

        public Handler(BlueUser user) {
            this.user = user;
        }

        /**
         * Gets or creates the user's private Jenkins-managed key and returns the
         * public key to the user
         *
         * @return JSON response
         */
        @GET
        @WebMethod(name = "")
        @TreeResponse
        public UserKey getPublickey() {
            User authenticatedUser = User.current();
            if (authenticatedUser == null) {
                throw new ServiceException.UnauthorizedException("Not authorized");
            }
            if (!StringUtils.equals(user.getId(), authenticatedUser.getId())) {
                throw new ServiceException.ForbiddenException("Not authorized");
            }

            UserKey publicKey = UserSSHKeyManager.getPublicKey(authenticatedUser,
                UserSSHKeyManager.getOrCreate(authenticatedUser));

            return publicKey;
        }

        /**
         * Deletes the user's private Jenkins-managed key
         *
         * @return
         */
        @DELETE
        @WebMethod(name = "")
        @TreeResponse
        public UserKey resetPublicKey() {
            User authenticatedUser = User.current();
            if (authenticatedUser == null) {
                throw new ServiceException.UnauthorizedException("Not authorized");
            }
            if (!StringUtils.equals(user.getId(), authenticatedUser.getId())) {
                throw new ServiceException.ForbiddenException("Not authorized");
            }

            UserSSHKeyManager.reset(authenticatedUser);
            return getPublickey();
        }
    }
}