search

sumoheavy / jira-ruby

A Ruby gem for the JIRA REST API
MIT License
656 stars 411 forks source link

can't get new cookie after cookie expires #271

Open Karamorf opened 6 years ago

Karamorf commented 6 years ago

If the Jira object is kept alive long enough for the cookie to expire, jira-ruby can't get a new cookie to Jira because the username/password gets deleted from the configuration. This was added in 1.4 from this commit: https://github.com/sumoheavy/jira-ruby/commit/020d170f41c6f62f1932b3210aa9ce9a7231f3cf

SimonMiaou commented 6 years ago

Hi @Karamorf You are right, the username and password are removed once we get the cookie. Maybe you could help us solving the issue by submitting a PR?

fazal60 commented 6 years ago

My request was closed so thought I should comment here:

Just wanted to point out that we are using basic auth_type in our project. This issue(271) pertains to cookie based authentication.

Not sure if these two are different or supposed to behave similarly. From the code though it seems that the username and password get deleted only when cookie based authentication is used.

Here is what we have in the options being passed:

username: options[:username], password: options[:password], site: 'https://jira2.cerner.com/', context_path: '', auth_type: :basic, use_ssl: true

fazal60 commented 6 years ago

Hey guys an update. The issue that I had been facing is probably resolved when I switched from basic auth to cookie based auth. However, I have a question around cookie based auth.

My cron job creates a new client using the following line of code:

$client = JIRA::Client.new(jira_options)

And my cron job runs every 2 hours. So as for the issue @Karamorf is facing, is he creating the client once and letting it sit there till the cookie associated with it expires? Or is he doing something like what I am doing, creating a new client object every few hours?

And what is the life span of the cookie once its created, after which it will expire and as this post points out, delete the username and password, potentially leading to failed authentications.

And also, if I am creating new client objects every 2 hours, do I need to care about the issue pointed out in this post, i.e, username and password getting deleted? Because every 2 hours, I am providing the credentials as part of options.

@SimonMiaou