New credentials dialog (#992)

Co-authored-by: Jan Faracik <43062514+janfaracik@users.noreply.github.com>
Co-authored-by: Jan <janf@kainos.com>

Author: timja

pom.xml

@@ -68,7 +68,7 @@
     <changelist>999999-SNAPSHOT</changelist>
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
     <!-- https://www.jenkins.io/doc/developer/plugin-development/choosing-jenkins-baseline/ -->
-    <jenkins.baseline>2.504</jenkins.baseline>
+    <jenkins.baseline>2.528</jenkins.baseline>
     <jenkins.version>${jenkins.baseline}.3</jenkins.version>
     <ban-junit4-imports.skip>false</ban-junit4-imports.skip>
     <hpi.compatibleSinceVersion>1372</hpi.compatibleSinceVersion>

src/main/java/com/cloudbees/plugins/credentials/CredentialsDescriptor.java

@@ -605,4 +605,10 @@ public String toCheckUrl() {
         }
     }
 
+    /**
+     * @return the description of this credential descriptor.
+     */
+    public String getDescription() {
+        return null;
+    }
 }

src/main/java/com/cloudbees/plugins/credentials/CredentialsSelectHelper.java

@@ -43,13 +43,17 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
+import java.util.stream.StreamSupport;
 
 import jakarta.servlet.ServletException;
 import jenkins.model.Jenkins;
@@ -121,6 +125,26 @@ public ModelObject resolveContext(Object context) {
         return context instanceof ModelObject mo ? mo : CredentialsDescriptor.findContextInPath(ModelObject.class);
     }
 
+    /**
+     * @return modifiable store actions for the context provided.
+     */
+    @Restricted(NoExternalUse.class)
+    public Map<String, List<CredentialsStoreAction.DomainWrapper>> getModifiableStoreActions(ModelObject context) {
+        return StreamSupport.stream(CredentialsProvider.lookupStores(context).spliterator(), false)
+                .filter(s -> s.hasPermission(CredentialsProvider.CREATE))
+                .map(CredentialsStore::getStoreAction)
+                .filter(Objects::nonNull)
+                .collect(Collectors.toMap(
+                        CredentialsStoreAction::getFullDisplayName,
+                        store -> new ArrayList<>(store.getDomains().values()),
+                        (left, right) -> {
+                            left.addAll(right);
+                            return left;
+                            },
+                        LinkedHashMap::new
+                ));
+    }
+
    /**
      * Returns the {@link StoreItem} instances for the current Stapler request.
      *

src/main/java/com/cloudbees/plugins/credentials/CredentialsStoreAction.java

@@ -88,6 +88,7 @@
 import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.HttpResponse;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest2;
 import org.kohsuke.stapler.StaplerResponse2;
 import org.kohsuke.stapler.WebMethod;
@@ -571,6 +572,31 @@ public Domain getDomain() {
             return domain;
         }
 
+        /**
+         * Used to get the path for the action for new credentials.
+         * Stapler can't figure out the right URL from the dialog, so it needs injecting to it.
+         * @return
+         */
+        @SuppressWarnings("unused")
+        @Restricted(NoExternalUse.class)
+        public String getRelativePath() {
+            String relativePath = Stapler.getCurrentRequest2().getParameter("relativePath");
+            if (relativePath == null) {
+                return null;
+            }
+            // Validate the relative path as a security hardening
+            // There is no known attack vector here, but just in case as it does control what the form action is.
+            if (!relativePath.startsWith("/")) {
+                return null;
+            }
+            // Prevent protocol-relative URLs
+            if (relativePath.startsWith("//")) {
+                return null;
+            }
+
+            return relativePath;
+        }
+
         /**
          * Expose the parent {@link CredentialsStoreAction}.
          *
@@ -730,9 +756,12 @@ public CredentialsWrapper getCredential(String id) {
         public HttpResponse doCreateCredentials(StaplerRequest2 req) throws ServletException, IOException {
             getStore().checkPermission(CREATE);
             String requestContentType = req.getContentType();
+
+            String acceptHeader = req.getHeader("Accept");
             if (requestContentType == null) {
                 throw new Failure("No Content-Type header set");
             }
+            boolean jsonResponse = acceptHeader != null && acceptHeader.contains("application/json");
 
             if (requestContentType.startsWith("application/xml") || requestContentType.startsWith("text/xml")) {
                 final StringWriter out = new StringWriter();
@@ -753,7 +782,20 @@ public HttpResponse doCreateCredentials(StaplerRequest2 req) throws ServletExcep
             } else {
                 JSONObject data = req.getSubmittedForm();
                 Credentials credentials = Descriptor.bindJSON(req, Credentials.class, data.getJSONObject("credentials"));
-                getStore().addCredentials(domain, credentials);
+                boolean credentialsWereAdded = getStore().addCredentials(domain, credentials);
+
+                if (jsonResponse) {
+                    if (credentialsWereAdded) {
+                        return HttpResponses.okJSON(new JSONObject()
+                                .element("message", "Credentials created")
+                                .element("notificationType", "SUCCESS"));
+                    } else {
+                        return HttpResponses.okJSON(new JSONObject()
+                                .element("message", "Credentials with specified ID already exist")
+                                // TODO: or domain does not exist at all?
+                                .element("notificationType", "ERROR"));
+                    }
+                }
                 return HttpResponses.redirectTo("../../domain/" + getUrlName());
             }
         }

src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java

@@ -232,6 +232,11 @@ public String getDisplayName() {
             return Messages.CertificateCredentialsImpl_DisplayName();
         }
 
+        @Override
+        public String getDescription() {
+            return Messages.CertificateCredentialsImpl_description();
+        }
+
         /**
          * {@inheritDoc}
          */

src/main/java/com/cloudbees/plugins/credentials/impl/UsernamePasswordCredentialsImpl.java

@@ -134,6 +134,11 @@ public String getDisplayName() {
             return Messages.UsernamePasswordCredentialsImpl_DisplayName();
         }
 
+        @Override
+        public String getDescription() {
+            return Messages.UsernamePasswordCredentialsImpl_description();
+        }
+
         /**
          * {@inheritDoc}
          */