add option to control if https should be secure

pwielgolaski · Jul 1, 2017 · 8c2f379 · 8c2f379
1 parent 22d61a4
commit 8c2f379
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 5 deletions.
diff --git a/src/main/java/jetbrains/buildServer/auth/oauth/AuthenticationSchemeProperties.java b/src/main/java/jetbrains/buildServer/auth/oauth/AuthenticationSchemeProperties.java
@@ -8,6 +8,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 public class AuthenticationSchemeProperties {
 
@@ -84,4 +85,10 @@ private Map<String, String> getSchemeProperties() {
         List<AuthModule<OAuthAuthenticationScheme>> aadAuthModules = loginConfiguration.getConfiguredAuthModules(OAuthAuthenticationScheme.class);
         return aadAuthModules.isEmpty() ? null : aadAuthModules.get(0).getProperties();
     }
+
+    public boolean isAllowInsecureHttps() {
+        return Optional.ofNullable(getProperty(ConfigKey.allowInsecureHttps))
+                .map(Boolean::valueOf)
+                .orElse(true);
+    }
 }
diff --git a/src/main/java/jetbrains/buildServer/auth/oauth/ConfigKey.java b/src/main/java/jetbrains/buildServer/auth/oauth/ConfigKey.java
@@ -9,5 +9,6 @@ public enum ConfigKey {
     clientId,
     clientSecret,
     scope,
-    hideLoginForm
+    hideLoginForm,
+    allowInsecureHttps
 }
diff --git a/src/main/java/jetbrains/buildServer/auth/oauth/OAuthClient.java b/src/main/java/jetbrains/buildServer/auth/oauth/OAuthClient.java
@@ -17,7 +17,7 @@ public class OAuthClient {
 
     public OAuthClient(AuthenticationSchemeProperties properties) {
         this.properties = properties;
-        this.httpClient = HttpClientFactory.createClient(true);
+        this.httpClient = HttpClientFactory.createClient(properties.isAllowInsecureHttps());
     }
 
     public String getRedirectUrl(String state) {

diff --git a/src/main/resources/buildServerResources/editOAuthSchemeProperties.jsp b/src/main/resources/buildServerResources/editOAuthSchemeProperties.jsp
@@ -74,11 +74,15 @@
     <span class="grayNote">OAuth scope of this TeamCity server.</span>
 </div>
 <div>
-    <label width="100%" for="<%=ConfigKey.scope%>">Hide login form:</label><br/>
-    <prop:checkboxProperty style="width: 100%;" name="<%=ConfigKey.hideLoginForm.toString()%>"/><br/>
+    <prop:checkboxProperty uncheckedValue="false" name="<%=ConfigKey.hideLoginForm.toString()%>"/>
+    <label width="100%" for="<%=ConfigKey.hideLoginForm%>">Hide login form</label><br/>
     <span class="grayNote">Hide user/password login form on Teamcity login page.</span>
 </div>
-
+<div>
+    <prop:checkboxProperty uncheckedValue="false" name="<%=ConfigKey.allowInsecureHttps.toString()%>"/>
+    <label width="100%" for="<%=ConfigKey.allowInsecureHttps%>">Insecure https</label><br/>
+    <span class="grayNote">Allow insecure https access like invalid certificate (restart required)</span>
+</div>
 <script type="text/javascript">
     BS.TeamCityOAuth.init('#<%=ConfigKey.preset.toString()%>');
 </script>