Make Secret Token updates work when CSP is enforced (#1840)

* Make Secret Token updates work when CSP is enforced

* Update to released Jenkins 2.540

* Do not use undocumented feature of validateButton

---------

Co-authored-by: Daniel Beck <[email protected]>

Author: daniel-beck

src/main/java/com/dabsquared/gitlabjenkins/GitLabPushTrigger.java

@@ -66,7 +66,6 @@
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest2;
-import org.kohsuke.stapler.StaplerResponse2;
 
 /**
  * Triggers a build when we receive a GitLab WebHook.
@@ -744,17 +743,5 @@ public FormValidation doCheckExcludeMergeRequestLabels(
                 @AncestorInPath final Job<?, ?> project, @QueryParameter final String value) {
             return ProjectLabelsProvider.instance().doCheckLabels(project, value);
         }
-
-        public void doGenerateSecretToken(@AncestorInPath final Job<?, ?> project, StaplerResponse2 response) {
-            byte[] random = new byte[16]; // 16x8=128bit worth of randomness, since we use md5 digest as the API token
-            RANDOM.nextBytes(random);
-            String secretToken = Util.toHexString(random);
-            response.setHeader("script", "document.getElementById('secretToken').value='" + secretToken + "'");
-        }
-
-        public void doClearSecretToken(@AncestorInPath final Job<?, ?> project, StaplerResponse2 response) {
-            ;
-            response.setHeader("script", "document.getElementById('secretToken').value=''");
-        }
     }
 }

src/main/resources/com/dabsquared/gitlabjenkins/GitLabPushTrigger/adjunct.js

@@ -0,0 +1,13 @@
+Behaviour.specify("BUTTON.gitlab_plugin-generate", "gitlab_plugin-generate", 0, function (e) {
+    e.onclick = function (evt) {
+        document.getElementById('gitlab_plugin_secretToken').value = [...Array(32)].map(() => Math.floor(Math.random() * 16).toString(16)).join('');
+        evt.preventDefault();
+    };
+});
+
+Behaviour.specify("BUTTON.gitlab_plugin-clear", "gitlab_plugin-clear", 0, function (e) {
+    e.onclick = function (evt) {
+        document.getElementById('gitlab_plugin_secretToken').value = "";
+        evt.preventDefault();
+    };
+});

src/main/resources/com/dabsquared/gitlabjenkins/GitLabPushTrigger/config.jelly

@@ -1,7 +1,7 @@
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core"
          xmlns:f="/lib/form"
-         xmlns:d="jelly:define">
+         xmlns:st="jelly:stapler">
   <f:entry title="Enabled GitLab triggers">
     <div>
       <f:entry title="Push Events" field="triggerOnPush">
@@ -102,11 +102,10 @@
       </div>
     </f:entry>
     <f:entry title="${%Secret token}" help="/plugin/gitlab-plugin/help/help-secretToken.html">
-      <div>
-        <f:readOnlyTextbox field="secretToken" id="secretToken"/>
-        <f:validateButton title="${%Generate}" method="generateSecretToken"/>
-        <f:validateButton title="${%Clear}" method="clearSecretToken"/>
-      </div>
+      <st:adjunct includes="com.dabsquared.gitlabjenkins.GitLabPushTrigger.adjunct"/>
+      <f:readOnlyTextbox field="secretToken" id="gitlab_plugin_secretToken"/>
+      <button class="jenkins-button gitlab_plugin-generate jenkins-!-margin-right-1 jenkins-!-margin-top-1">${%Generate}</button>
+      <button class="jenkins-button gitlab_plugin-clear jenkins-!-margin-top-1">${%Clear}</button>
     </f:entry>
   </f:advanced>
 </j:jelly>