search

AtlassianPS / JiraPS

PowerShell module to interact with Atlassian JIRA
https://AtlassianPS.org/module/JiraPS
MIT License
323 stars 131 forks source link

Connection to http-Jira with credentials fails #341

Closed David-Eichelmann closed 5 years ago

David-Eichelmann commented 5 years ago

Description

If a local Jira installation is used via http (not https) because we are behind a LB that offloads SSL, it is not possible to connect to Jira through JiraPS.

There is no useful error message, except the generic ones like

...
VERBOSE: [Invoke-JiraMethod] Failed to get an answer from the server
DEBUG: [Invoke-JiraMethod] Executed WebRequest. Access $webResponse to see details
VERBOSE: [Test-ServerResponse] Checking response headers for authentication errors
DEBUG: [Test-ServerResponse] Investigating $InputObject.Headers['X-Seraph-LoginReason']
VERBOSE: [Invoke-JiraMethod] No Web result object was returned from. This is unusual!
...

After digging deeper and performing the Invoke-WebRequest manually, there comes the error

Invoke-WebRequest : The cmdlet cannot protect plain text secrets sent over unencrypted connections. To suppress this warning and send plain text secrets over unencrypted networks, reissue the command specifying the AllowUnencryptedAuthentication parameter.

Steps To Reproduce

  1. Set the JIRA Server to a local (non-SSL) Installation with http, e.g. Set-JiraConfigServer ("http://jira.local")
  2. Start a new Session with Credentials, e.g. New-JiraSession -Credential (Get-Credential $username) -Verbose
  3. See error

Expected behavior

The connection should work properly

Screenshots

Your Environment

Get-Module JiraPS -ListAvailable | Select Name, Version
PowerShell 6.1.2
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /usr/local/share/powershell/Modules/JiraPS/2.10.3> Get-Module JiraPS -ListAvailable | Select Name, Version

Name   Version
----   -------
JiraPS 2.10.3

$PSVersionTable
Name                           Value
----                           -----
PSVersion                      6.1.2
PSEdition                      Core
GitCommitId                    6.1.2
OS                             Linux 4.4.0-140-generic #166-Ubuntu SMP Wed Nov 14 20:09:47 UTC 2018
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Possible Solution

The connection should check if we are http only and add the parameter -AllowUnencryptedAuthentication to the internal Invoke-WebRequest call

lipkau commented 5 years ago

Not sure if this will work, but you can try this:

$PSDefaultParameterValues["Invoke-WebRequest:AllowUnencryptedAuthentication"] = $true
David-Eichelmann commented 5 years ago

Not sure if this will work, but you can try this:

$PSDefaultParameterValues["Invoke-WebRequest:AllowUnencryptedAuthentication"] = $true

This is a perfect workaround for the issue! Thanks a lot.

Anyway, the library should offer a built-in solution.

lipkau commented 5 years ago

Anyway, the library should offer a built-in solution.

Agreed. continued in #342 as a feature request