On Monday, February 1, 2016 at 7:38:49 AM UTC-8, Brian J. Murrell wrote: > > On Sun, 2016-01-31 at 23:45 +0100, Daniel Beck wrote: > > On 30.01.2016, at 19:10, Brian J. Murrell <brian-SquOHqY54CVWr29BmMi2 > > [email protected] <javascript:>> wrote: > > I think any answer to this would likely be a security issue and > > should be reported as such, rather than posted here. > > How do you figure? And what exactly are you proposing to report and to > whom? >
The security part comes in when you fetch an arbitrary user's key which you generated as "the user running the job." Fetching the current user's api key doesn't seem to have a REST API equivalent. Right now, I just scrape the user's configure page - /user/USERNAME/configure - and look for the pattern -- name="\_\.apiToken"[^>]+value="(\w+?)". -milki -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d415bfef-d899-4c2f-876c-619b7d1900fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
