chore: fix review findings

Author: mzellho

src/main/java/io/jenkins/plugins/gitlabserverconfig/credentials/GroupAccessTokenImpl.java

@@ -6,16 +6,19 @@
 import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
 import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.Nullable;
 import hudson.Extension;
 import hudson.util.FormValidation;
 import hudson.util.Secret;
 import jenkins.model.Jenkins;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.jenkinsci.Symbol;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 
 /**
  * Default implementation of {@link GroupAccessToken} for use by {@link Jenkins} {@link
@@ -26,25 +29,20 @@ public class GroupAccessTokenImpl extends BaseStandardCredentials implements Gro
     /**
      * Our token.
      */
-    @NonNull
-    private final Secret token;
+    @Nullable
+    private Secret token;
 
     /**
      * Constructor.
      *
      * @param scope the credentials scope.
      * @param id the credentials id.
      * @param description the description of the token.
-     * @param token the token itself (will be passed through {@link Secret#fromString(String)})
      */
     @DataBoundConstructor
     public GroupAccessTokenImpl(
-            @CheckForNull CredentialsScope scope,
-            @CheckForNull String id,
-            @CheckForNull String description,
-            @NonNull String token) {
+            @CheckForNull CredentialsScope scope, @CheckForNull String id, @CheckForNull String description) {
         super(scope, id, description);
-        this.token = Secret.fromString(token);
     }
 
     /**
@@ -56,6 +54,11 @@ public Secret getToken() {
         return token;
     }
 
+    @DataBoundSetter
+    public void setToken(String token) {
+        this.token = Secret.fromString(token);
+    }
+
     @NonNull
     @Override
     public String getUsername() {
@@ -94,7 +97,10 @@ public String getDisplayName() {
          */
         @Restricted(NoExternalUse.class) // stapler
         @SuppressWarnings("unused")
+        @RequirePOST
         public FormValidation doCheckToken(@QueryParameter String value) {
+            Jenkins.get().checkPermission(CredentialsProvider.USE_OWN);
+
             Secret secret = Secret.fromString(value);
             if (StringUtils.equals(value, secret.getPlainText())) {
                 if (value.length() < GITLAB_ACCESS_TOKEN_MINIMAL_LENGTH) {

src/main/java/io/jenkins/plugins/gitlabserverconfig/credentials/PersonalAccessTokenImpl.java

@@ -6,6 +6,7 @@
 import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
 import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.Nullable;
 import hudson.Extension;
 import hudson.util.FormValidation;
 import hudson.util.Secret;
@@ -15,7 +16,9 @@
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 
 /**
  * Default implementation of {@link PersonalAccessToken} for use by {@link Jenkins} {@link
@@ -26,25 +29,20 @@ public class PersonalAccessTokenImpl extends BaseStandardCredentials implements
     /**
      * Our token.
      */
-    @NonNull
-    private final Secret token;
+    @Nullable
+    private Secret token;
 
     /**
      * Constructor.
      *
      * @param scope the credentials scope.
      * @param id the credentials id.
      * @param description the description of the token.
-     * @param token the token itself (will be passed through {@link Secret#fromString(String)})
      */
     @DataBoundConstructor
     public PersonalAccessTokenImpl(
-            @CheckForNull CredentialsScope scope,
-            @CheckForNull String id,
-            @CheckForNull String description,
-            @NonNull String token) {
+            @CheckForNull CredentialsScope scope, @CheckForNull String id, @CheckForNull String description) {
         super(scope, id, description);
-        this.token = Secret.fromString(token);
     }
 
     /**
@@ -56,6 +54,11 @@ public Secret getToken() {
         return token;
     }
 
+    @DataBoundSetter
+    public void setToken(String token) {
+        this.token = Secret.fromString(token);
+    }
+
     @NonNull
     @Override
     public String getUsername() {
@@ -94,7 +97,10 @@ public String getDisplayName() {
          */
         @Restricted(NoExternalUse.class) // stapler
         @SuppressWarnings("unused")
+        @RequirePOST
         public FormValidation doCheckToken(@QueryParameter String value) {
+            Jenkins.get().checkPermission(CredentialsProvider.USE_OWN);
+
             Secret secret = Secret.fromString(value);
             if (StringUtils.equals(value, secret.getPlainText())) {
                 if (value.length() < GITLAB_ACCESS_TOKEN_MINIMAL_LENGTH) {

src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/helpers/GitLabPersonalAccessTokenCreator.java

@@ -188,8 +188,9 @@ public FormValidation doCreateTokenByPassword(
     private void createCredentials(@Nullable String serverUrl, String token, String username, String tokenName) {
         String url = defaultIfBlank(serverUrl, GitLabServer.GITLAB_SERVER_URL);
         String description = String.format("Auto Generated by %s server for %s user", url, username);
-        PersonalAccessToken credentials =
-                new PersonalAccessTokenImpl(CredentialsScope.GLOBAL, tokenName, description, token);
+        PersonalAccessTokenImpl credentials =
+                new PersonalAccessTokenImpl(CredentialsScope.GLOBAL, tokenName, description);
+        credentials.setToken(token);
         saveCredentials(url, credentials);
     }
 

src/test/java/io/jenkins/plugins/gitlabserverconfig/credentials/GroupAccessTokenImplTest.java

@@ -19,7 +19,8 @@ public class GroupAccessTokenImplTest {
     @Test
     public void configRoundtrip() throws Exception {
         GroupAccessTokenImpl expected =
-                new GroupAccessTokenImpl(CredentialsScope.GLOBAL, "magic-id", "configRoundtrip", "sAf_Xasnou47yxoAsC");
+                new GroupAccessTokenImpl(CredentialsScope.GLOBAL, "magic-id", "configRoundtrip");
+        expected.setToken("sAf_Xasnou47yxoAsC");
         CredentialsBuilder builder = new CredentialsBuilder(expected);
         j.configRoundtrip(builder);
         j.assertEqualDataBoundBeans(expected, builder.credentials);

src/test/java/io/jenkins/plugins/gitlabserverconfig/credentials/PersonalAccessTokenImplTest.java

@@ -18,8 +18,9 @@ public class PersonalAccessTokenImplTest {
 
     @Test
     public void configRoundtrip() throws Exception {
-        PersonalAccessTokenImpl expected = new PersonalAccessTokenImpl(
-                CredentialsScope.GLOBAL, "magic-id", "configRoundtrip", "sAf_Xasnou47yxoAsC");
+        PersonalAccessTokenImpl expected =
+                new PersonalAccessTokenImpl(CredentialsScope.GLOBAL, "magic-id", "configRoundtrip");
+        expected.setToken("sAf_Xasnou47yxoAsC");
         CredentialsBuilder builder = new CredentialsBuilder(expected);
         j.configRoundtrip(builder);
         j.assertEqualDataBoundBeans(expected, builder.credentials);