Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Graph Search suggests Outlook mail accounts #433

Open
meiswjn opened this issue Jul 7, 2023 · 6 comments
Open

Graph Search suggests Outlook mail accounts #433

meiswjn opened this issue Jul 7, 2023 · 6 comments
Labels
bug

Comments

@meiswjn
Copy link
Contributor

meiswjn commented Jul 7, 2023

Jenkins and plugins versions report

Environment 
Jenkins: 2.401.1
OS: Linux - 4.18.0-477.13.1.el8_8.x86_64
Java: 11.0.19 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)
---
Office-365-Connector:4.18.0
PrioritySorter:5.0.0
analysis-model-api:11.3.0
ansicolor:1.0.2
ant:487.vd79d090d4ea_e
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
apache-httpcomponents-client-5-api:5.2.1-1.0
artifactory:3.18.4
audit-trail:333.vb_e1b_b_0f1238c
authentication-tokens:1.53.v1c90fd9191a_b_
azure-ad:349.vc02b_a_0b_142a_8
azure-artifact-manager:115.vb0d5da76bb49
azure-credentials:254.v64da_8176c83a
azure-keyvault:200.v115e9b_1644d5
azure-sdk:132.v62b_48eb_6f32f
basic-branch-build-strategies:71.vc1421f89888e
blueocean:1.27.4
blueocean-bitbucket-pipeline:1.27.4
blueocean-commons:1.27.4
blueocean-config:1.27.4
blueocean-core-js:1.27.4
blueocean-dashboard:1.27.4
blueocean-display-url:2.4.2
blueocean-events:1.27.4
blueocean-git-pipeline:1.27.4
blueocean-github-pipeline:1.27.4
blueocean-i18n:1.27.4
blueocean-jwt:1.27.4
blueocean-personalization:1.27.4
blueocean-pipeline-api-impl:1.27.4
blueocean-pipeline-editor:1.27.4
blueocean-pipeline-scm-api:1.27.4
blueocean-rest:1.27.4
blueocean-rest-impl:1.27.4
blueocean-web:1.27.4
bootstrap5-api:5.3.0-1
bouncycastle-api:2.28
branch-api:2.1109.vdf225489a_16d
build-blocker-plugin:1.7.8
build-discarder:139.v05696a_7fe240
build-monitor-plugin:1.14-717.v3efcdffe8d58
build-user-vars-plugin:1.9
build-with-parameters:76.v9382db_f78962
built-on-column:1.4
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
chucknorris:1.4
cloud-stats:267.v577e3742c282
cloudbees-bitbucket-branch-source:809.vc1d904b_30426
cloudbees-disk-usage-simple:182.v62ca_0c992a_f3
cloudbees-folder:6.815.v0dd5a_cb_40e0e
code-coverage-api:4.7.0
command-launcher:100.v2f6722292ee8
commons-httpclient3-api:3.1-3
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
conditional-buildstep:1.4.2
config-file-provider:938.ve2b_8a_591c596
confluence-publisher:156.vf3597ca_9cf27
copyartifact:705.v5295cffec284
credentials:1254.vb_96f366e7b_a_d
credentials-binding:604.vb_64480b_c56ca_
custom-folder-icon:2.8
dark-theme:336.v02165cd8c2ee
dashboard-view:2.487.vcf0ff9008a_c0
data-tables-api:1.13.4-3
dependency-check-jenkins-plugin:5.4.0
dependency-track:4.3.1
disable-github-multibranch-status:1.2
display-url-api:2.3.7
docker-commons:419.v8e3cd84ef49c
docker-java-api:3.3.1-79.v20b_53427e041
docker-plugin:1.4
docker-workflow:563.vd5d2e5c4007f
dtkit-api:3.0.2
durable-task:507.v050055d0cb_dd
echarts-api:5.4.0-5
email-ext:2.99
emailext-template:1.5
envinject:2.901.v0038b_6471582
envinject-api:1.199.v3ce31253ed13
extended-choice-parameter:373.v1a_ecea_fdf2a_a_
extended-read-permission:53.v6499940139e5
external-monitor-job:206.v9a_94ff0b_4a_10
extra-columns:1.25
favorite:2.4.2
file-operations:131.v32b_e7824fe95
file-parameters:285.287.v4b_7b_29d3469d
font-awesome-api:6.4.0-1
forensics-api:2.3.0
git:5.1.0
git-client:4.4.0
git-forensics:2.0.0
github:1.37.1
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1728.v859147241f49
github-checks:545.v79a_a_68b_ca_682
gradle:2.8
groovy:453.vcdb_a_c5c99890
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.31
http_request:1.17
instance-identity:173.va_37c494ec4e5
integrity-plugin:2.5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jacoco:3.3.3
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:233.vdc1a_ec702cff
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jenkins-design-language:1.27.4
jersey2-api:2.39.1-2
jira:3.10
jjwt-api:0.11.5-77.v646c772fddb_0
jnr-posix-api:3.1.17-1
job-restrictions:0.8
jobConfigHistory:1212.vd4470d08ff12
jquery:1.12.4-1
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1214.va_2f9db_3e6de0
ldap:682.v7b_544c9d1512
leastload:3.0.0
list-git-branches-parameter:0.0.13
locale:314.v22ce953dfe9e
localization-support:1.2
lockable-resources:1172.v4b_8fc8eed570
mailer:457.v3f72cb_e015e5
mask-passwords:150.vf80d33113e80
material-theme:0.5.2-rc100.6121925fe229
matlab:2.10.0
matrix-auth:3.1.8
matrix-project:789.v57a_725b_63c79
maven-plugin:3.22
metrics:4.2.18-439.v86a_20b_a_8318b_
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
monitoring:1.94.1
msbuild:1.30
next-executions:179.vb_e011d7e3b_64
nodejs:1.6.0
nuget:1.1
okhttp-api:4.11.0-145.vcb_8de402ef81
parameterized-scheduler:1.2
parameterized-trigger:2.45
parasoft-findings:10.6.2
pipeline-build-step:496.v2449a_9a_221f2
pipeline-github:2.8-147.3206e8179b1c
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-graph-view:191.vc6da_9d3eb_70a
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:468.va_5db_051498a_4
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2141.v5402e818a_779
pipeline-model-definition:2.2141.v5402e818a_779
pipeline-model-extensions:2.2141.v5402e818a_779
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2141.v5402e818a_779
pipeline-stage-view:2.33
pipeline-utility-steps:2.15.4
plain-credentials:143.v1b_df8b_d3b_e48
plot:2.1.12
plugin-usage-plugin:4.0
plugin-util-api:3.3.0
popper2-api:2.11.6-2
powershell:2.0
prism-api:1.29.0-7
pubsub-light:1.17
resource-disposer:0.22
robot:3.3.0
run-condition:1.5
scm-api:676.v886669a_199a_a_
script-security:1251.vfe552ed55f8d
simple-theme-plugin:160.vb_76454b_67900
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
solarized-theme:0.1
sonar:2.15
splunk-devops:1.10.1
sse-gateway:1.26
ssh-agent:333.v878b_53c89511
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
ssh-steps:2.0.65.vd26b_5b_9b_de4d
sshd:3.303.vefc7119b_ec23
structs:324.va_f5d6774f3a_d
synopsys-coverity:3.0.3
theme-manager:193.vcef22f6c5f2b_
thinBackup:1.17
timestamper:1.25
token-macro:359.vb_cde11682e0c
trilead-api:2.84.v72119de229b_7
uipath-automation-package:3.0
uno-choice:2.6.5
variant:59.vf075fe829ccb
versioncolumn:162.v85841b_0790d5
warnings-ng:10.2.0
windows-azure-storage:386.v673495b0a5de
workflow-aggregator:596.v8c21c963d92d
workflow-api:1215.v2b_ee3e1b_dd39
workflow-basic-steps:1017.vb_45b_302f0cea_
workflow-cps:3691.v28b_14c465a_b_b_
workflow-durable-task-step:1247.v7f9dfea_b_4fd0
workflow-job:1308.v58d48a_763b_31
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.45
xunit:3.1.2

What Operating System are you using (both controller, and any agents involved in the problem)?

RHEL8

Reproduction steps

  1. Install the plugin
  2. Use AAD Matrix Auth
  3. Search for users: it will detect AAD users but also users that I once wrote mails to in Outlook (???)

Expected Results

No contacts from outlook

Actual Results

It parsed my outlook mail history and when searching for users, it gives me users that do not exist in the AAD. For example, I once got the notification from a GitHub repository via mail. Now, it finds the repository name in the Matrix Auth search. When examining the object, you see that the no-reply mail for the repository is behind it, everything else is null.

Anything else?

We updated to the latest version today from 313.v14b_f37ff114d

Likely introduced by #405
@meiswjn meiswjn added the bug label Jul 7, 2023
@timja timja mentioned this issue Jul 7, 2023
Merged
6 tasks
@iandrewt
Copy link
Contributor

iandrewt commented Jul 9, 2023

Do you have any screenshots or other evidence of this happening? I cannot replicate this in Jenkins nor in the Microsoft Graph Explorer

@meiswjn
Copy link
Contributor Author

meiswjn commented Jul 10, 2023

Sure, here you go. I searched for "jenkinsci" in global security. We use the normal Azure AD integration.
image

@iandrewt
Copy link
Contributor

I don't actually know how that form works, but I'm fairly sure it uses a different query to the one I changed in #405

@timja
Copy link
Member

timja commented Jul 10, 2023

It uses these web components:

azure-ad-plugin/package.json

Lines 31 to 33 in b89416d

"@microsoft/mgt-components": "^2.9.2",
"@microsoft/mgt-element": "^2.9.2",
"@microsoft/mgt-proxy-provider": "^2.9.2"

I guess there was a behaviour change in a dependency update.

@t0rb3n
Copy link

t0rb3n commented Feb 23, 2024
edited

We have the same problem with "users" appearing that are in the logged-in users mailboxes.

I think changing the user-type of the mgt-people-picker would solve this problem.

azure-ad-plugin/src/main/resources/com/microsoft/jenkins/azuread/AzureAdMatrixAuthorizationStrategy/config.jelly

Line 209 in 067a533

user-type="any"

Changing it from any to user should only show Org-Users (see userType property)

Unfortunately I failed to build a working plugin locally.
Every time I built it, with or without any changes the picker disappears when the Graph Integration checkmark is unchecked.
grafik
So if anyone could build a version with user-type="user" and the picker not disappearing, I am more than happy to test this.

@timja
Copy link
Member

timja commented Feb 23, 2024

Need to make sure it works with guest users but if that works then changing to user makes sense

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@iandrewt @timja @t0rb3n @meiswjn